usn-3124-1
Vulnerability from osv_ubuntu
Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290)
A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)
A crash was discovered when parsing URLs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5292)
A heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296)
An error was discovered in argument length checking in Javascript. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297)
An integer overflow was discovered in the Expat library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063)
It was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated. An attacker that could perform a machine-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064)
A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066)
2 use-after-free bugs were discovered during DOM operations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9067, CVE-2016-9069)
A heap use-after-free was discovered during web animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9068)
It was discovered that a page loaded in to the sidebar through a bookmark could reference a privileged chrome window. An attacker could potentially exploit this to bypass same origin restrictions. (CVE-2016-9070)
An issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection. An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071)
An issue was discovered with the windows.create() WebExtensions API. If a user were tricked in to installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073)
It was discovered that WebExtensions can use the mozAddonManager API. An attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075)
It was discovered that element dropdown menus can cover location bar content when e10s is enabled. An attacker could potentially exploit this to conduct UI spoofing attacks. (CVE-2016-9076)
It was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images. An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-5289",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5290",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5291",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5292",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5296",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5297",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9063",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9064",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9066",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9067",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9068",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9069",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9070",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9071",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9073",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9075",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9076",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9077",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "50.0+build2-0ubuntu0.14.04.2"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "50.0+build2-0ubuntu0.14.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "50.0+build2-0ubuntu0.14.04.2"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "50.0+build2-0ubuntu0.14.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@50.0+build2-0ubuntu0.14.04.2?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "50.0+build2-0ubuntu0.14.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1",
"37.0+build2-0ubuntu0.14.04.1",
"37.0.1+build1-0ubuntu0.14.04.1",
"37.0.2+build1-0ubuntu0.14.04.1",
"38.0+build3-0ubuntu0.14.04.1",
"39.0+build5-0ubuntu0.14.04.1",
"39.0.3+build2-0ubuntu0.14.04.1",
"40.0+build4-0ubuntu0.14.04.1",
"40.0+build4-0ubuntu0.14.04.4",
"40.0.3+build1-0ubuntu0.14.04.1",
"41.0+build3-0ubuntu0.14.04.1",
"41.0.1+build2-0ubuntu0.14.04.1",
"41.0.2+build2-0ubuntu0.14.04.1",
"42.0+build2-0ubuntu0.14.04.1",
"43.0+build1-0ubuntu0.14.04.1",
"43.0.4+build3-0ubuntu0.14.04.1",
"44.0+build3-0ubuntu0.14.04.1",
"44.0.1+build2-0ubuntu0.14.04.1",
"44.0.2+build1-0ubuntu0.14.04.1",
"45.0+build2-0ubuntu0.14.04.1",
"45.0.1+build1-0ubuntu0.14.04.2",
"45.0.2+build1-0ubuntu0.14.04.1",
"46.0+build5-0ubuntu0.14.04.2",
"46.0.1+build1-0ubuntu0.14.04.3",
"47.0+build3-0ubuntu0.14.04.1",
"48.0+build2-0ubuntu0.14.04.1",
"49.0+build4-0ubuntu0.14.04.1",
"49.0.2+build2-0ubuntu0.14.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-5289",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5290",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5291",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5292",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5296",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-5297",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9063",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9064",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9066",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9067",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9068",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9069",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9070",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9071",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9073",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9075",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9076",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-9077",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "50.0+build2-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "50.0+build2-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "50.0+build2-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "50.0+build2-0ubuntu0.16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@50.0+build2-0ubuntu0.16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "50.0+build2-0ubuntu0.16.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"41.0.2+build2-0ubuntu1",
"42.0+build2-0ubuntu1",
"44.0+build3-0ubuntu2",
"44.0.1+build1-0ubuntu1",
"44.0.2+build1-0ubuntu1",
"45.0+build2-0ubuntu1",
"45.0.1+build1-0ubuntu1",
"45.0.2+build1-0ubuntu1",
"46.0+build5-0ubuntu0.16.04.2",
"46.0.1+build1-0ubuntu0.16.04.2",
"47.0+build3-0ubuntu0.16.04.1",
"48.0+build2-0ubuntu0.16.04.1",
"49.0+build4-0ubuntu0.16.04.1",
"49.0.2+build2-0ubuntu0.16.04.2"
]
}
],
"aliases": [],
"details": "Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard,\nJan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan\nAkhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple\nmemory safety issues in Firefox. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5289, CVE-2016-5290)\n\nA same-origin policy bypass was discovered with local HTML files in some\ncircumstances. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5291)\n\nA crash was discovered when parsing URLs in some circumstances. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to execute arbitrary code. (CVE-2016-5292)\n\nA heap buffer-overflow was discovered in Cairo when processing SVG\ncontent. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit this to cause a denial of service\nvia application crash, or execute arbitrary code. (CVE-2016-5296)\n\nAn error was discovered in argument length checking in Javascript. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2016-5297)\n\nAn integer overflow was discovered in the Expat library. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash. (CVE-2016-9063)\n\nIt was discovered that addon updates failed to verify that the addon ID\ninside the signed package matched the ID of the addon being updated.\nAn attacker that could perform a machine-in-the-middle (MITM) attack could\npotentially exploit this to provide malicious addon updates.\n(CVE-2016-9064)\n\nA buffer overflow was discovered in nsScriptLoadHandler. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-9066)\n\n2 use-after-free bugs were discovered during DOM operations in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-9067,\nCVE-2016-9069)\n\nA heap use-after-free was discovered during web animations in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-9068)\n\nIt was discovered that a page loaded in to the sidebar through a bookmark\ncould reference a privileged chrome window. An attacker could potentially\nexploit this to bypass same origin restrictions. (CVE-2016-9070)\n\nAn issue was discovered with Content Security Policy (CSP) in combination\nwith HTTP to HTTPS redirection. An attacker could potentially exploit this\nto verify whether a site is within the user\u0027s browsing history.\n(CVE-2016-9071)\n\nAn issue was discovered with the windows.create() WebExtensions API. If a\nuser were tricked in to installing a malicious extension, an attacker\ncould potentially exploit this to escape the WebExtensions sandbox.\n(CVE-2016-9073)\n\nIt was discovered that WebExtensions can use the mozAddonManager API. An\nattacker could potentially exploit this to install additional extensions\nwithout user permission. (CVE-2016-9075)\n\nIt was discovered that \u003cselect\u003e element dropdown menus can cover location\nbar content when e10s is enabled. An attacker could potentially exploit\nthis to conduct UI spoofing attacks. (CVE-2016-9076)\n\nIt was discovered that canvas allows the use of the feDisplacementMap\nfilter on cross-origin images. An attacker could potentially exploit this\nto conduct timing attacks. (CVE-2016-9077)\n",
"id": "USN-3124-1",
"modified": "2026-04-22T07:36:33Z",
"published": "2016-11-19T00:07:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3124-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5289"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5290"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5291"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5292"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5296"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-5297"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9063"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9064"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9066"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9067"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9068"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9069"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9070"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9071"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9073"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9075"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9076"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-9077"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "firefox vulnerabilities",
"upstream": [
"UBUNTU-CVE-2016-5289",
"UBUNTU-CVE-2016-5290",
"UBUNTU-CVE-2016-5291",
"UBUNTU-CVE-2016-5292",
"UBUNTU-CVE-2016-5296",
"UBUNTU-CVE-2016-5297",
"UBUNTU-CVE-2016-9063",
"UBUNTU-CVE-2016-9064",
"UBUNTU-CVE-2016-9066",
"UBUNTU-CVE-2016-9067",
"UBUNTU-CVE-2016-9068",
"UBUNTU-CVE-2016-9069",
"UBUNTU-CVE-2016-9070",
"UBUNTU-CVE-2016-9071",
"UBUNTU-CVE-2016-9073",
"UBUNTU-CVE-2016-9075",
"UBUNTU-CVE-2016-9076",
"UBUNTU-CVE-2016-9077"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.