All errata/p8/ALT-PU-2016-2166-1
ALT-PU-2016-2166-1

Package update firefox in branch p8

Version49.0.2-alt0.M80P.1
Task#171275
Published2016-10-24
Max severityCRITICAL
Severity:

Closed issues (2)

CVE-2016-5287
CRITICAL9.8

A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2.

Published: 2018-06-11Modified: 2024-11-21
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2016-5288
MEDIUM5.9

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

Published: 2018-06-11Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References