FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 50.1.0_1,1
linux-seamonkey < 2.47
seamonkey < 2.47
firefox-esr < 45.6.0,1
linux-firefox < 45.6.0,2
libxul < 45.6.0
linux-thunderbird < 45.6.0
thunderbird < 45.6.0

Details

VuXML ID 512c0ffd-cd39-4da4-b2dc-81ff4ba8e238
Discovery 2016-12-13
Entry 2016-12-14

Mozilla Foundation reports:

CVE-2016-9894: Buffer overflow in SkiaGL

CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements

CVE-2016-9895: CSP bypass using marquee tag

CVE-2016-9896: Use-after-free with WebVR

CVE-2016-9897: Memory corruption in libGLES

CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees

CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs

CVE-2016-9904: Cross-origin information leak in shared atoms

CVE-2016-9901: Data from Pocket server improperly sanitized before execution

CVE-2016-9902: Pocket extension does not validate the origin of events

CVE-2016-9903: XSS injection vulnerability in add-ons SDK

CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1

CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6

References

CVE Name CVE-2016-9080
CVE Name CVE-2016-9893
CVE Name CVE-2016-9894
CVE Name CVE-2016-9895
CVE Name CVE-2016-9896
CVE Name CVE-2016-9897
CVE Name CVE-2016-9898
CVE Name CVE-2016-9899
CVE Name CVE-2016-9900
CVE Name CVE-2016-9901
CVE Name CVE-2016-9902
CVE Name CVE-2016-9903
CVE Name CVE-2016-9904
URL https://www.mozilla.org/security/advisories/mfsa2016-94/
URL https://www.mozilla.org/security/advisories/mfsa2016-95/