{ "id": "CVE-2016-9904", "sourceIdentifier": "security@mozilla.org", "published": "2018-06-11T21:29:02.467", "lastModified": "2024-11-21T03:01:59.007", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6." }, { "lang": "es", "value": "Un atacante podr\u00eda utilizar un ataque de sincronizaci\u00f3n por JavaScript Map/Set para determinar si un atom est\u00e1 siendo empleado por otro compartimento/zona en determinados contextos. Esto podr\u00eda emplearse para filtrar informaci\u00f3n, como nombres de usuario embebidos en c\u00f3digo JavaScript, en sitios web. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding": "51.0", "matchCriteriaId": "19A47E81-DD45-46A3-BB7F-C48882794EA6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "versionEndExcluding": "45.6.0", "matchCriteriaId": "DE18C0AB-9FDB-4705-9CAA-4262B76C0B54" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding": "45.6.0", "matchCriteriaId": "A5797C2A-187E-48B8-97A0-F6B5E5EBF38C" } ] } ] } ], "references": [ { "url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html", "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/94885", "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1037461", "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317936", "source": "security@mozilla.org", "tags": [ "Issue Tracking", "Patch" ] }, { "url": "https://security.gentoo.org/glsa/201701-15", "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2017/dsa-3757", "source": "security@mozilla.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2016-94/", "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2016-95/", "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2016-96/", "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-2946.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/94885", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1037461", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1317936", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ] }, { "url": "https://security.gentoo.org/glsa/201701-15", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2017/dsa-3757", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2016-94/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2016-95/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2016-96/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }