Design/Logic Flaw

Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox 50.1...

CVE-2016-9903

CVE-2016-9903 is a cross-site scripting (XSS) vulnerability in Mozilla Firefox’s Add-ons SDK. The issue arises from a world-accessible resource that can be loaded as a document due to another vulnerability, enabling an attacker to inject content and script into the add-on context and potentially ...

Mozilla Firefox < 50.1 Multiple Vulnerabilities

Binary data 9851.prm...

CVE-2016-9903

Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox 50.1...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2016-9894: Buffer overflow in SkiaGL CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements CVE-2016-9895: CSP bypass using marquee tag CVE-2016-9896: Use-after-free with WebVR CVE-2016-9897: Memory corruption in libGLES CVE-2016-9898:...