PublicDateAtUSN: 2016-12-13
Candidate: CVE-2016-9902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/
https://usn.ubuntu.com/usn/usn-3155-1
The Pocket toolbar button, once activated, listens for events fired from
its own pages but does not verify the origin of incoming events. This
allows content from other origins to fire events and inject content and
commands into the Pocket context. Note: this issue does not affect users
with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and
Assigned-to: chrisccoulson

upstream_firefox: released (released 50.1.0)
precise_firefox: released (50.1.0+build2-0ubuntu0.12.04.1)
trusty_firefox: released (50.1.0+build2-0ubuntu0.14.04.1)
vivid/ubuntu-core_firefox: DNE
vivid/stable-phone-overlay_firefox: DNE
xenial_firefox: released (50.1.0+build2-0ubuntu0.16.04.1)
yakkety_firefox: released (50.1.0+build2-0ubuntu0.16.10.1)
devel_firefox: released (50.1.0+build2-0ubuntu1)

Priority_thunderbird: low
upstream_thunderbird: not-affected
precise_thunderbird: not-affected
trusty_thunderbird: not-affected
vivid/ubuntu-core_thunderbird: DNE
vivid/stable-phone-overlay_thunderbird: DNE
xenial_thunderbird: not-affected
yakkety_thunderbird: not-affected
devel_thunderbird: not-affected