CVE-2016-9904
published 2018-06-11CVE-2016-9904: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be…
PriorityP336high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
2.75%
84.4th percentile
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | firefox | < firefox 50.1.0-1 (sid) | firefox 50.1.0-1 (sid) |
| debian | firefox-esr | < firefox 50.1.0-1 (sid) | firefox 50.1.0-1 (sid) |
| linux | linux_kernel | >= 0 < 3.13.0-101.148 | 3.13.0-101.148 |
| mozilla | firefox | < 45.6.0 | 45.6.0 |
| mozilla | firefox | < 51.0 | 51.0 |
| mozilla | firefox | >= 0 < 50.1.0+build2-0ubuntu0.14.04.1 | 50.1.0+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 50.1.0+build2-0ubuntu0.16.04.1 | 50.1.0+build2-0ubuntu0.16.04.1 |
| mozilla | firefox | >= unspecified < 50.1 | 50.1 |
| mozilla | firefox_esr | >= unspecified < 45.6 | 45.6 |
| mozilla | thunderbird | < 45.6.0 | 45.6.0 |
| mozilla | thunderbird | >= 0 < 1:45.7.0+build1-0ubuntu0.14.04.1 | 1:45.7.0+build1-0ubuntu0.14.04.1 |
| mozilla | thunderbird | >= 0 < 1:45.7.0+build1-0ubuntu0.16.04.1 | 1:45.7.0+build1-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= unspecified < 45.6 | 45.6 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2017-01-28·CVSS 9.8
CVE-2016-9893 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple memory safety issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373)
Andrew Krasichkov discovered that event handlers on elements
were executed despite a Content Security Policy (CSP) that disallowed
inline JavaScript. If a user were tricked in to opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2016-9895)
A memory corruption issue was discovered in WebGL in some circumstances.
If
Red Hat
Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)
vendor_redhat·2016-12-14·CVSS 7.5
CVE-2016-9904 [HIGH] Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)
Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-12-13·CVSS 9.8
CVE-2016-9080 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security vulnerabilities were discovered in Firefox. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit these to conduct cross-site scripting (XSS) attacks,
obtain sensitive information, cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893,
CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898,
CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903,
CVE-2016-9904)
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Debian
CVE-2016-9904: firefox - An attacker could use a JavaScript Map/Set timing attack to determine whether an...
vendor_debian·2016·CVSS 7.5
CVE-2016-9904 [HIGH] CVE-2016-9904: firefox - An attacker could use a JavaScript Map/Set timing attack to determine whether an...
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Scope: local
sid: resolved (fixed in 50.1.0-1)
GHSA
GHSA-h92w-5p82-frc3: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts
ghsa_unreviewed·2022-05-14
CVE-2016-9904 [HIGH] CWE-200 GHSA-h92w-5p82-frc3: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
OSV
CVE-2016-9904: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts
osv·2018-06-11·CVSS 7.5
CVE-2016-9904 [HIGH] CVE-2016-9904: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
OSV
thunderbird vulnerabilities
osv·2017-01-28·CVSS 9.8
CVE-2016-9893 [CRITICAL] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple memory safety issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373)
Andrew Krasichkov discovered that event handlers on elements
were executed despite a Content Security Policy (CSP) that disallowed
inline JavaScript. If a user were tricked in to opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2016-9895)
A memory corruption issue was discovered in WebGL in some circumstances.
If a user were tricked in to opening a specially crafted website in a
OSV
firefox vulnerabilities
osv·2016-12-13·CVSS 9.8
CVE-2016-9080 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple security vulnerabilities were discovered in Firefox. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit these to conduct cross-site scripting (XSS) attacks,
obtain sensitive information, cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9080, CVE-2016-9893,
CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898,
CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903,
CVE-2016-9904)
OSV
linux vulnerabilities
osv·2016-11-11·CVSS 7.8
CVE-2014-9904 linux vulnerabilities
linux vulnerabilities
It was discovered that the compression handling code in the Advanced Linux
Sound Architecture (ALSA) subsystem in the Linux kernel did not properly
check for an integer overflow. A local attacker could use this to cause a
denial of service (system crash). (CVE-2014-9904)
Kirill A. Shutemov discovered that memory manager in the Linux kernel did
not properly handle anonymous pages. A local attacker could use this to
cause a denial of service or possibly gain administrative privileges.
(CVE-2015-3288)
Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress
hugetlbfs support in X86 paravirtualized guests. An attacker in the guest
OS could cause a denial of service (guest system crash). (CVE-2016-3961)
Ondrej Kozina discovered that the keyring inter
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-9904 Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)
bugzilla·2016-12-13·CVSS 7.5
CVE-2016-9904 [HIGH] CVE-2016-9904 Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)
CVE-2016-9904 Mozilla: Cross-origin information leak in shared atoms (MFSA 2016-94, MFSA 2016-95)
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.
External Reference:
https://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9904
Acknowledgements:
Name: the Mozilla project
Upstream: Jann Horn
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2016:2946 https://rhn.redhat.com/errata/RHSA-2016-2946.html
Bugzilla
CVE-2012-6703 kernel: Integer overflow in compress_core
bugzilla·2016-06-29·CVSS 7.8
CVE-2012-6703 [HIGH] CVE-2012-6703 kernel: Integer overflow in compress_core
CVE-2012-6703 kernel: Integer overflow in compress_core
An integer overflow was found in snd_compr_allocate_buffer(), that could result into allocating smaller buffer than expected.
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b35cc8225845112a616e3a2266d2fde5ab13d3ab
The patch was incomplete and introduced another issues known as CVE-2014-9904.
CVE assignment:
http://seclists.org/oss-sec/2016/q2/616
http://rhn.redhat.com/errata/RHSA-2016-2946.htmlhttp://www.securityfocus.com/bid/94885http://www.securitytracker.com/id/1037461https://bugzilla.mozilla.org/show_bug.cgi?id=1317936https://security.gentoo.org/glsa/201701-15https://www.debian.org/security/2017/dsa-3757https://www.mozilla.org/security/advisories/mfsa2016-94/https://www.mozilla.org/security/advisories/mfsa2016-95/https://www.mozilla.org/security/advisories/mfsa2016-96/http://rhn.redhat.com/errata/RHSA-2016-2946.htmlhttp://www.securityfocus.com/bid/94885http://www.securitytracker.com/id/1037461https://bugzilla.mozilla.org/show_bug.cgi?id=1317936https://security.gentoo.org/glsa/201701-15https://www.debian.org/security/2017/dsa-3757https://www.mozilla.org/security/advisories/mfsa2016-94/https://www.mozilla.org/security/advisories/mfsa2016-95/https://www.mozilla.org/security/advisories/mfsa2016-96/
2018-06-11
Published