CVE-2016-9066
- EPSS 12.42%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 25.11.2025 17:50:16
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-9067
- EPSS 1.91%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:32
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
CVE-2016-9068
- EPSS 2.05%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:32
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.
- EPSS 1.94%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:32
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.
CVE-2016-9071
- EPSS 1.91%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:32
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.
CVE-2016-9072
- EPSS 1.34%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:32
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulne...
CVE-2016-9073
- EPSS 1.66%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:32
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.
CVE-2016-9074
- EPSS 2.45%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 25.11.2025 17:50:16
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-9075
- EPSS 2.16%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:33
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission....
CVE-2016-9076
- EPSS 1.8%
- Veröffentlicht 11.06.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 03:00:33
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.