Vulnerability Details : CVE-2016-9904

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Vulnerability category: Information leak
Published 2018-06-11 21:29:02
Updated 2018-08-01 13:37:31
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-9904

Probability of exploitation activity in the next 30 days: 0.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-9904

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
5.0
MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
[email protected]
7.5
HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
[email protected]

CWE ids for CVE-2016-9904

References for CVE-2016-9904

Products affected by CVE-2016-9904

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!