Mozilla: Resource Timing API is storing resources sent by the previous page (MFSA 2016-84, MFSA 2016-86)

Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-960)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included : - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3044-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3044-1 advisory. Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially...

Mozilla Firefox Resource Timing API Call Information Disclosure Vulnerability

Mozilla Firefox is an open source web browser; A security vulnerability exists in Mozilla Firefox's handling of Resource Timing API calls, which allows remote attackers to build malicious web pages that can be exploited to trick users into parsing and obtaining sensitive information related to th...

USN-3044-1: Firefox vulnerabilities

Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. CVE-2016-0718...

DEBIAN-CVE-2016-5250

Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

CVE-2016-5250

Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

Code injection

Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

Security update for MozillaFirefox, mozilla-nss (important)

Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...

CVE-2016-5250

Summary of CVE-2016-5250 : Mozilla Firefox before 48.0, Firefox ESR before 45.4, and Thunderbird before 45.4 are affected by a information disclosure vulnerability via Resource Timing API calls, allowing remote attackers to obtain sensitive information about the previously retrieved page. The iss...

CVE-2016-5250

Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

CVE-2016-5250

Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

CVE-2016-5250

Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

UBUNTU-CVE-2016-5250

Mozilla Firefox before 48.0, Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls...

Information disclosure through Resource Timing API during page navigation — Mozilla

Amazon software engineer Catalin Dumitru reported that the URLs of resources loaded after a navigation started such as in an unload event handler were leaked to the following page through the Resource Timing API. This leads to potential information disclosure...

CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2015-08315)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 43.0, which stems from the program's failure to properly limit the availability of time information in the IFRAME Resource...

CVE-2015-7207

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...

[USN-2735-1] Oxide vulnerabilities

========================================================================== Ubuntu Security Notice USN-2735-1 September 08, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...