Lucene search

[email protected]NVD:CVE-2016-9895

HistoryJun 11, 2018 - 9:29 p.m.

CVE-2016-9895

2018-06-1121:29:01

CWE-254

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.0%

JSON

Event handlers on “marquee” elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Affected configurations

NVD

Node

debiandebian_linuxMatch9.0

Node

redhatenterprise_linuxMatch5.0

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_eusMatch7.3

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

mozillathunderbirdRange<45.6.0

Node

mozillafirefoxRange<50.1

Node

mozillafirefox_esrRange<45.6.0

References

rhn.redhat.com/errata/RHSA-2016-2946.html

rhn.redhat.com/errata/RHSA-2016-2973.html

www.securityfocus.com/bid/94885

www.securitytracker.com/id/1037461

bugzilla.mozilla.org/show_bug.cgi?id=1312272

security.gentoo.org/glsa/201701-15

www.debian.org/security/2017/dsa-3757

www.mozilla.org/security/advisories/mfsa2016-94/

www.mozilla.org/security/advisories/mfsa2016-95/

www.mozilla.org/security/advisories/mfsa2016-96/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.0%

JSON

Related for NVD:CVE-2016-9895

cve1 veracode1 alpinelinux1 prion1 debiancve1 redhatcve1 cvelist1 ubuntucve1 openvas33 nessus31 oraclelinux2 redhat2 centos2 debian4 mageia3 osv3 kaspersky3 mozilla3 suse5 ibm2 freebsd1 archlinux1 ubuntu2 gentoo1