FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 50.0_1,1
linux-seamonkey < 2.47
seamonkey < 2.47
firefox-esr < 45.5.0,1
linux-firefox < 45.5.0,2
libxul < 45.5.0
linux-thunderbird < 45.5.0
thunderbird < 45.5.0

Details

VuXML ID d1853110-07f4-4645-895b-6fd462ad0589
Discovery 2016-11-15
Entry 2016-11-16

Mozilla Foundation reports:

CVE-2016-5289: Memory safety bugs fixed in Firefox 50

CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file

CVE-2016-5292: URL parsing causes crash

CVE-2016-5293: Write to arbitrary file with updater and moz maintenance service using updater.log h

CVE-2016-5294: Arbitrary target directory for result files of update process

CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM

CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1

CVE-2016-5297: Incorrect argument length checking in Javascript

CVE-2016-5298: SSL indicator can mislead the user about the real URL visited

CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an app

CVE-2016-9061: API Key (glocation) in broadcast protected with signature-level permission can be accessed by an a

CVE-2016-9062: Private browsing browser traces (android) in browser.db and wal file

CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat

CVE-2016-9064: Addons update must verify IDs match between current and new versions

CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen

CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler

CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore

CVE-2016-9068: heap-use-after-free in nsRefreshDriver

CVE-2016-9070: Sidebar bookmark can have reference to chrome window

CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP

CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile

CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"

CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler

CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges

CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s

CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing atta

References

CVE Name CVE-2016-5289
CVE Name CVE-2016-5290
CVE Name CVE-2016-5291
CVE Name CVE-2016-5292
CVE Name CVE-2016-5293
CVE Name CVE-2016-5294
CVE Name CVE-2016-5295
CVE Name CVE-2016-5296
CVE Name CVE-2016-5297
CVE Name CVE-2016-5298
CVE Name CVE-2016-5299
CVE Name CVE-2016-9061
CVE Name CVE-2016-9062
CVE Name CVE-2016-9063
CVE Name CVE-2016-9064
CVE Name CVE-2016-9065
CVE Name CVE-2016-9066
CVE Name CVE-2016-9067
CVE Name CVE-2016-9068
CVE Name CVE-2016-9070
CVE Name CVE-2016-9071
CVE Name CVE-2016-9072
CVE Name CVE-2016-9073
CVE Name CVE-2016-9074
CVE Name CVE-2016-9075
CVE Name CVE-2016-9076
CVE Name CVE-2016-9077
URL https://www.mozilla.org/security/advisories/mfsa2016-89/
URL https://www.mozilla.org/security/advisories/mfsa2016-90/