CVE-2016-9901

Current Description

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.

Basic Data

Published: June 11, 2018
Last Modified: August 01, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Integrity Impact: PARTIAL (I:P in the vector string)
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: NONE
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 9.8
CVSS 3 - Base Severity: CRITICAL
Exploitability Score: 3.9
Base Severity: CRITICAL

Configurations

  • OR - Configuration 1
    (CPE 2.3 fields Update, Edition, Language, SW Edition, Target SW, Target HW and Other are all "*" (any); the version range columns are empty.)

    CPE Version  Part  Vendor  Product                         Version
    2.3          OS    Redhat  Enterprise Linux Aus            7.3
    2.3          OS    Redhat  Enterprise Linux Aus            7.4
    2.3          OS    Redhat  Enterprise Linux Desktop        5.0
    2.3          OS    Redhat  Enterprise Linux Desktop        6.0
    2.3          OS    Redhat  Enterprise Linux Desktop        7.0
    2.3          OS    Redhat  Enterprise Linux Eus            7.3
    2.3          OS    Redhat  Enterprise Linux Eus            7.4
    2.3          OS    Redhat  Enterprise Linux Eus            7.5
    2.3          OS    Redhat  Enterprise Linux Server         5.0
    2.3          OS    Redhat  Enterprise Linux Server         6.0
    2.3          OS    Redhat  Enterprise Linux Server         7.0
    2.3          OS    Redhat  Enterprise Linux Workstation    5.0
    2.3          OS    Redhat  Enterprise Linux Workstation    6.0
    2.3          OS    Redhat  Enterprise Linux Workstation    7.0
  • OR - Configuration 2
    (CPE 2.3 fields Version, Update, Edition, Language, SW Edition, Target SW, Target HW and Other are all "*" (any); only the Version End Excluding column is set, matching "Firefox < 50.1" and "Firefox ESR < 45.6" in the description.)

    CPE Version  Part         Vendor   Product       Version  Version End Excluding
    2.3          Application  Mozilla  Firefox       *        50.1
    2.3          Application  Mozilla  Firefox Esr   *        45.6.0

Vulnerable Software List

Vendor   Product                       Versions
Mozilla  Firefox                       *
Mozilla  Firefox Esr                   *
Redhat   Enterprise Linux Workstation  5.0, 6.0, 7.0
Redhat   Enterprise Linux Eus          7.3, 7.4, 7.5
Redhat   Enterprise Linux Desktop      5.0, 6.0, 7.0
Redhat   Enterprise Linux Aus          7.3, 7.4
Redhat   Enterprise Linux Server       5.0, 6.0, 7.0

References

Name                                                       Source    Tags                                URL
RHSA-2016:2946                                             REDHAT    Third Party Advisory                http://rhn.redhat.com/errata/RHSA-2016-2946.html
RHSA-2016:2973                                             REDHAT    Third Party Advisory                http://rhn.redhat.com/errata/RHSA-2016-2973.html
94885                                                      BID       Third Party Advisory, VDB Entry     http://www.securityfocus.com/bid/94885
1037461                                                    SECTRACK  Third Party Advisory, VDB Entry     http://www.securitytracker.com/id/1037461
https://bugzilla.mozilla.org/show_bug.cgi?id=1320057       CONFIRM   Issue Tracking, Patch               https://bugzilla.mozilla.org/show_bug.cgi?id=1320057
GLSA-201701-15                                             GENTOO    Third Party Advisory                https://security.gentoo.org/glsa/201701-15
https://www.mozilla.org/security/advisories/mfsa2016-94/   CONFIRM   Vendor Advisory                     https://www.mozilla.org/security/advisories/mfsa2016-94/
https://www.mozilla.org/security/advisories/mfsa2016-95/   CONFIRM   Vendor Advisory                     https://www.mozilla.org/security/advisories/mfsa2016-95/