CVE-2016-9902 in Firefoxinformazioni

Riassunto

di MITRE

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

07/12/2016

Divulgazione

11/06/2018

Moderazione

accettato

Voce

VDB-94498

CPE

pronto

CWE

CWE-346 (confermato)

CVSS

7.5 (NVD)

EPSS

0.01334

KEV

Attività

molto basso

Settore

Insurance, Police, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-9902
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9902
CVE Details	https://www.cvedetails.com/cve/CVE-2016-9902/

◂ Precedente Visione D'ensemble Il prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!