1
PublicDateAtUSN: 2016-08-03
2
Candidate: CVE-2016-5262
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5262
6
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
7
https://bugzilla.mozilla.org/show_bug.cgi?id=1277475
8
https://usn.ubuntu.com/usn/usn-3044-1
10
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process
11
JavaScript event-handler attributes of a MARQUEE element within a sandboxed
12
IFRAME element that lacks the sandbox="allow-scripts" attribute value,
13
which makes it easier for remote attackers to conduct cross-site scripting
14
(XSS) attacks via a crafted web site.
19
Discovered-by: Nikita Arykov
20
Assigned-to: chrisccoulson
23
upstream_firefox: released (48)
24
precise_firefox: released (48.0+build2-0ubuntu0.12.04.1)
25
trusty_firefox: released (48.0+build2-0ubuntu0.14.04.1)
26
vivid/ubuntu-core_firefox: DNE
27
vivid/stable-phone-overlay_firefox: DNE
28
xenial_firefox: released (48.0+build2-0ubuntu0.16.04.1)
29
devel_firefox: not-affected (48.0+build2-0ubuntu1)
32
Priority_thunderbird: low
33
upstream_thunderbird: not-affected
34
precise_thunderbird: not-affected
35
trusty_thunderbird: not-affected
36
vivid/ubuntu-core_thunderbird: DNE
37
vivid/stable-phone-overlay_thunderbird: DNE
38
xenial_thunderbird: not-affected
39
devel_thunderbird: not-affected