SB2016122608 - Security Features in firefox-esr (Alpine package)
Published: December 26, 2016
Security Bulletin ID
SB2016122608
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security Features (CVE-ID: CVE-2016-9900)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Remediation
Install update from vendor's website.