JSON View XML View

Key Value
MTID M116802
Title Mozilla Firefox /Firefox ESR Cross-Origin Information Disclosure
Description A vulnerability in some versions of Mozilla Firefox and Firefox ESR could lead to information disclosure.
Observation A vulnerability in some versions of Mozilla Firefox and Firefox ESR could lead to information disclosure.

The flaw occurs when an attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.

Recommendation The vendor has released an update to address the issue:

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/

Vendor Mozilla
Attack Vector Authenticated locally logged on user with limited privileges
Importance 5
Impact 10.00084536000
Threat Score 9.33
Labels
References
CVECVE-2016-9904
MTIDM116802
CPEs
cpe:/a:mozilla:firefox_esr:45.5
cpe:/a:mozilla:firefox:50.0.2
Created At 2016-12-13 00:00:00 UTC
Updated At 2016-12-30 10:31:00 UTC

Back