2016-10-23
ALT-BU-2016-3076-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2018-06-12
Modified: 2024-11-21
CVE-2016-5287
A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-06-12
Modified: 2024-11-21
CVE-2016-5288
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Closed vulnerabilities
Published: 2018-09-10
Modified: 2024-11-21
CVE-2016-7067
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
- 93953
- https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7067
- [oss-security] 20161027 CVE-2016-7067 - CSRF in Monit Service Manager