CVE-2016-9905 — Improper Access Control in Mozilla Firefox ESR

CWE-284 — Improper Access Control8 documents7 sources

Severity

8.8HIGHNVD

OSV9.8

EPSS

1.2%

top 21.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox ESR Mozilla Thunderbird Mozilla Firefox +6 more

Timeline

PublishedJun 11

Latest updateMay 14

Description

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages10 packages

▶debiandebian/firefox< firefox-esr 45.6.0esr-1 (bookworm)

▶NVDmozilla/firefox< 45.6.0

▶debiandebian/firefox-esr< firefox-esr 45.6.0esr-1 (bookworm)

▶CVEListV5mozilla/firefox_esrunspecified — 45.6

▶CVEListV5mozilla/thunderbirdunspecified — 45.6

Also affects: Debian Linux 8.0

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-2f28-6595-fhpf: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents↗2022-05-14

▶

OSV

CVE-2016-9905: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents↗2018-06-11

▶

OSV

thunderbird vulnerabilities↗2017-01-28

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2017-01-28

▶

Red Hat

Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)↗2016-12-14

▶

Debian

CVE-2016-9905: firefox - A potentially exploitable crash in "EnumerateSubDocuments" while adding or remov...↗2016

▶

💬Community

Bugzilla

CVE-2016-9905 Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)↗2016-12-13

▶