CVE-2016-9901 – Mozilla: Data from Pocket server improperly sanitized before execution (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9901
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. Las etiquetas HTML recibidas del servidor Pocket serán procesadas sin sanear y cualquier código JavaScript que se ejecute lo hará en la página "about:pocket-saved" (sin privilegios), concediéndole acceso a la API de mensajes de Pocket mediante una inyección HTML. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 45.6 y Firefox en versiones anteriores a la 50.1. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1320057 https://security.gentoo.org/glsa/201701-15 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://access.redhat.com/security/cve/CVE-2016-9901 https://bugzilla.redhat.com/show_bu • CWE-20: Improper Input Validation •
CVE-2016-9895 – Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9895
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Los gestores de eventos en los elementos "marquee" se ejecutaron a pesar de que existe un CSP (Content Security Policy) estricto que prohibía el JavaScript inline. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1312272 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://www.mozilla.org/security/advisories • CWE-254: 7PK - Security Features •
CVE-2016-9904 – Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)
https://notcve.org/view.php?id=CVE-2016-9904
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Un atacante podría utilizar un ataque de sincronización por JavaScript Map/Set para determinar si un atom está siendo empleado por otro compartimento/zona en determinados contextos. Esto podría emplearse para filtrar información, como nombres de usuario embebidos en código JavaScript, en sitios web. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1317936 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://www.mozilla.org/security/advisories/mfsa2016-96 https://access.redhat.com/security/cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9079 – Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2016-9079
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en SVG Animation. Se ha descubierto un exploit construido sobre esta vulnerabilidad "in the wild" que apunta a usuarios de Firefox y Tor Browser en Windows. • https://www.exploit-db.com/exploits/42327 https://www.exploit-db.com/exploits/41151 https://github.com/dangokyo/CVE-2016-9079 https://github.com/LakshmiDesai/CVE-2016-9079 https://github.com/Tau-hub/Firefox-CVE-2016-9079 http://rhn.redhat.com/errata/RHSA-2016-2843.html http://rhn.redhat.com/errata/RHSA-2016-2850.html http://www.securityfocus.com/bid/94591 http://www.securitytracker.com/id/1037370 https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 https://se • CWE-416: Use After Free •
CVE-2016-8635 – nss: small-subgroups attack flaw
https://notcve.org/view.php?id=CVE-2016-8635
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. Se ha descubierto que el manejo del intercambio de claves de cliente Diffie Hellman en NSS 3.21.x era vulnerable a un ataque de confinamiento de subgrupo pequeño. Un atacante podría emplear este error para recuperar claves privadas confinando la clave DH del cliente en un subgrupo pequeño del grupo deseado. It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. • http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94346 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635 https://security.gentoo.org/glsa/201701-46 https://access.redhat.com/security/cve/CVE-2016-8635 https://bugzilla.redhat.com/show_bug.cgi?id=1391818 • CWE-320: Key Management Errors CWE-358: Improperly Implemented Security Check for Standard •