CVE-2016-9073: High severity Mozilla Firefox vulnerability
Published Nov 15, 2016
·Updated
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.
Affected Software
2 affected componentsFixes available
Mozilla Firefox<50
50
Mozilla Firefox<50.0
Event History
Nov 15, 2016
CVE Published
12:00 AM
Jun 11, 2018
CVE Published
via MITRE·09:00 PM
Data Sourced
via MITRE·09:00 PM
DescriptionWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2016-5296
- CVE-2016-5292
- CVE-2016-5293
- CVE-2016-5294
- CVE-2016-5297
- CVE-2016-9064
- CVE-2016-9065
- CVE-2016-9066
- CVE-2016-9067
- CVE-2016-9068
- CVE-2016-9072
- CVE-2016-9075
- CVE-2016-9077
- CVE-2016-5291
- CVE-2016-5295
- CVE-2016-5298
- CVE-2016-5299
- CVE-2016-9061
- CVE-2016-9062
- CVE-2016-9070
- CVE-2016-9073
- CVE-2016-9074
- CVE-2016-9076
- CVE-2016-9063
- CVE-2016-9071
- CVE-2016-5289
- CVE-2016-5290
Frequently Asked Questions
1
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2016-9073.
2
Which software is affected by this vulnerability?
This vulnerability affects Firefox versions below 50.
3
How severe is CVE-2016-9073?
CVE-2016-9073 has a severity score of 7.5 (high).
4
What can an attacker potentially do with this vulnerability?
An attacker can potentially load privileged URLs and escape the WebExtension sandbox.
5
Are there any references for additional information on this vulnerability?
Yes, you can find more information about CVE-2016-9073 at the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1289273), [Mozilla Security Advisories](https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/), [SecurityFocus](http://www.securityfocus.com/bid/94337).