CVE-2016-9902 in Firefoxinfo

Zusammenfassung

von MITRE

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

07.12.2016

Veröffentlichung

11.06.2018

Moderieren

akzeptiert

Eintrag

VDB-94498

CPE

bereit

CWE

CWE-346 (bestätigt)

CVSS

7.5 (NVD)

EPSS

0.01334

KEV

nein

Aktivitäten

very low

Sektor

Energy, Telecommunication, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-9902
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9902
CVE Details	https://www.cvedetails.com/cve/CVE-2016-9902/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!