ALT-BU-2016-3184-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2021-05334
Уязвимость реализации языка разметки SVG браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2016-9078
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.
Modified: 2025-03-21
CVE-2016-9079
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
- RHSA-2016:2843
- RHSA-2016:2843
- RHSA-2016:2850
- RHSA-2016:2850
- 94591
- 94591
- 1037370
- 1037370
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
- GLSA-201701-15
- GLSA-201701-15
- GLSA-201701-35
- GLSA-201701-35
- DSA-3730
- DSA-3730
- 41151
- 41151
- 42327
- 42327
- https://www.mozilla.org/security/advisories/mfsa2016-92/
- https://www.mozilla.org/security/advisories/mfsa2016-92/