CVE-2016-9905
Published: 2018-06-11
Priority: P3 · 39 · high · 8.8 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.40% (82.0th percentile)
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | firefox | < firefox-esr 45.6.0esr-1 (bookworm) | firefox-esr 45.6.0esr-1 (bookworm) |
| debian | firefox-esr | < firefox-esr 45.6.0esr-1 (bookworm) | firefox-esr 45.6.0esr-1 (bookworm) |
| mozilla | firefox | < 45.6.0 | 45.6.0 |
| mozilla | firefox_esr | >= unspecified < 45.6 | 45.6 |
| mozilla | thunderbird | < 45.6.0 | 45.6.0 |
| mozilla | thunderbird | >= 0 < 1:45.7.0+build1-0ubuntu0.14.04.1 | 1:45.7.0+build1-0ubuntu0.14.04.1 |
| mozilla | thunderbird | >= 0 < 1:45.7.0+build1-0ubuntu0.16.04.1 | 1:45.7.0+build1-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= unspecified < 45.6 | 45.6 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
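| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 8.8 | LOW | |
| vendor_redhat | | 8.8 | HIGH | |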
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2017-01-28·CVSS 9.8
CVE-2016-9893 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple memory safety issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373)
Andrew Krasichkov discovered that event handlers on elements
were executed despite a Content Security Policy (CSP) that disallowed
inline JavaScript. If a user were tricked into opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2016-9895)
A memory corruption issue was discovered in WebGL in some circumstances.
If
Red Hat
Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)
vendor_redhat·2016-12-14·CVSS 8.8
CVE-2016-9905 [HIGH] Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
Debian
CVE-2016-9905: firefox - A potentially exploitable crash in "EnumerateSubDocuments" while adding or remov...
vendor_debian·2016·CVSS 8.8
CVE-2016-9905 [HIGH] CVE-2016-9905: firefox - A potentially exploitable crash in "EnumerateSubDocuments" while adding or remov...
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
Scope: local
sid: resolved
GHSA
GHSA-2f28-6595-fhpf: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents
ghsa_unreviewed·2022-05-14
CVE-2016-9905 [HIGH] CWE-284 GHSA-2f28-6595-fhpf: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
OSV
CVE-2016-9905: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents
osv·2018-06-11·CVSS 8.8
CVE-2016-9905 [HIGH] CVE-2016-9905: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
OSV
thunderbird vulnerabilities
osv·2017-01-28·CVSS 9.8
CVE-2016-9893 [CRITICAL] thunderbird vulnerabilities
Multiple memory safety issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373)
Andrew Krasichkov discovered that event handlers on elements
were executed despite a Content Security Policy (CSP) that disallowed
inline JavaScript. If a user were tricked into opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2016-9895)
A memory corruption issue was discovered in WebGL in some circumstances.
If a user were tricked into opening a specially crafted website in a
No detection rules found.
No public exploits indexed.
References
http://rhn.redhat.com/errata/RHSA-2016-2946.html
http://rhn.redhat.com/errata/RHSA-2016-2973.html
http://www.securityfocus.com/bid/94884
http://www.securitytracker.com/id/1037462
https://bugzilla.mozilla.org/show_bug.cgi?id=1293985
https://security.gentoo.org/glsa/201701-15
https://www.debian.org/security/2017/dsa-3757
https://www.mozilla.org/security/advisories/mfsa2016-95/
https://www.mozilla.org/security/advisories/mfsa2016-96/