An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Mozilla
  • Firefox Esr
  • Thunderbird
  • Firefox
Debian
  • Debian Linux
Redhat
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server

Configuration 1 [-]

OR cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2016-2946.html Third Party Advisory
http://www.securityfocus.com/bid/94885 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037461 Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1317936 Issue Tracking Patch
https://security.gentoo.org/glsa/201701-15 Third Party Advisory
https://www.debian.org/security/2017/dsa-3757 Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2016-94/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2016-95/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2016-96/ Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2018-06-11T21:00:00

Updated: 2018-06-12T09:57:01

Reserved: 2016-12-07T00:00:00

Link: CVE-2016-9904

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-06-11T21:29:02.467

Modified: 2018-08-01T13:37:30.943

Link: CVE-2016-9904

JSON object: View

cve-icon Redhat Information

No data.

CWE