94337

1037298

1039427

https://bugzilla.mozilla.org/show_bug.cgi?id=1274777

DSA-3898

https://www.mozilla.org/security/advisories/mfsa2016-89/

The remote host is running a version of macOS that is prior to 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Apache
 - AppSandbox
 - AppleScript
 - Application Firewall
 - ATS
 - Audio
 - CFNetwork
 - CFNetwork Proxies
 - CFString
 - Captive Network Assistant
 - CoreAudio
 - CoreText
 - DesktopServices
 - Directory Utility
 - file
 - Fonts
 - fsck_msdos
 - HFS
 - Heimdal
 - HelpViewer
 - IOFireWireFamily
 - ImageIO
 - Installer
 - Kernel
 - kext tools
 - libarchive
 - libc
 - libexpat
 - Mail
 - Mail Drafts
 - ntp
 - Open Scripting Architecture
 - PCRE
 - Postfix
 - Quick Look
 - QuickTime
 - Remote Management
 - SQLite
 - Sandbox
 - Screen Lock
 - Security
 - Spotlight
 - WebKit
 - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Mitre reports :

An integer overflow during the parsing of XML using the Expat library.

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

python release notes :

Multiple vulnerabilities has been fixed in this release. Please refer to the CVE list for details.

New python packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix security issues.

Python reports :

Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details.

The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - AppSandbox
  - AppleScript
  - Application Firewall
  - ATS
  - Audio
  - CFNetwork
  - CFNetwork Proxies
  - CFString
  - Captive Network Assistant
  - CoreAudio
  - CoreText
  - DesktopServices
  - Directory Utility
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - IOFireWireFamily
  - ImageIO
  - Installer
  - Kernel
  - kext tools
  - libarchive
  - libc
  - libexpat
  - Mail
  - Mail Drafts
  - ntp
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - SQLite
  - Sandbox
  - Screen Lock
  - Security
  - Spotlight
  - WebKit
  - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

New python packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix a security issue.

This update for expat fixes the following issues :

  - CVE-2016-9063: Possible integer overflow to fix inside     XML_Parse leading to unexpected behaviour (bsc#1047240)

  - CVE-2017-9233: External Entity Vulnerability could lead     to denial of service (bsc#1047236)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for expat fixes the following issues :

  - CVE-2016-9063: Possible integer overflow to fix inside     XML_Parse leading to unexpected behaviour (bsc#1047240)

  - CVE-2017-9233: External Entity Vulnerability could lead     to denial of service (bsc#1047236)

This update was imported from the SUSE:SLE-12:Update update project.

https://github.com/libexpat/libexpat/blob/R_2_2_1/expat/Changes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2016-9063     Gustavo Grieco discovered an integer overflow flaw     during parsing of XML. An attacker can take advantage of     this flaw to cause a denial of service against an     application using the Expat library.

  - CVE-2017-9233     Rhodri James discovered an infinite loop vulnerability     within the entityValueInitProcessor() function while     parsing malformed XML in an external entity. An attacker     can take advantage of this flaw to cause a denial of     service against an application using the Expat library.

This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues.

The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :

  - CVE-2016-5296: Heap-buffer-overflow WRITE in     rasterize_edges_1 (bmo#1292443)

  - CVE-2016-5292: URL parsing causes crash (bmo#1288482)

  - CVE-2016-5297: Incorrect argument length checking in     JavaScript (bmo#1303678)

  - CVE-2016-9064: Addons update must verify IDs match     between current and new versions (bmo#1303418)

  - CVE-2016-9066: Integer overflow leading to a buffer     overflow in nsScriptLoadHandler (bmo#1299686)

  - CVE-2016-9067: heap-use-after-free in     nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922     (CVE-2016-9069))

  - CVE-2016-9068: heap-use-after-free in nsRefreshDriver     (bmo#1302973)

  - CVE-2016-9075: WebExtensions can access the     mozAddonManager API and use it to gain elevated     privileges (bmo#1295324)

  - CVE-2016-9077: Canvas filters allow feDisplacementMaps     to be applied to cross-origin images, allowing timing     attacks on them (bmo#1298552)

  - CVE-2016-5291: Same-origin policy violation using local     HTML file and saved shortcut file (bmo#1292159)

  - CVE-2016-9070: Sidebar bookmark can have reference to     chrome window (bmo#1281071)

  - CVE-2016-9073: windows.create schema doesn't specify     'format': 'relativeUrl' (bmo#1289273)

  - CVE-2016-9076: select dropdown menu can be used for URL     bar spoofing on e10s (bmo#1276976)

  - CVE-2016-9063: Possible integer overflow to fix inside     XML_Parse in expat (bmo#1274777)

  - CVE-2016-9071: Probe browser history via HSTS/301     redirect + CSP (bmo#1285003)

  - CVE-2016-5289: Memory safety bugs fixed in Firefox 50

  - CVE-2016-5290: Memory safety bugs fixed in Firefox 50     and Firefox ESR 45.5

    The following vulnerabilities were fixed in Mozilla NSS     3.26.1 :

  - CVE-2016-9074: Insufficient timing side-channel     resistance in divSpoiler (bmo#1293334)

    Mozilla Firefox now requires mozilla-nss 3.26.2.

    New features in Mozilla Firefox :

  - Updates to keyboard shortcuts Set a preference to have     Ctrl+Tab cycle through tabs in recently used order View     a page in Reader Mode by using Ctrl+Alt+R

  - Added option to Find in page that allows users to limit     search to whole words only

  - Added download protection for a large number of     executable file types on Windows, Mac and Linux

  - Fixed rendering of dashed and dotted borders with     rounded corners (border-radius)

  - Added a built-in Emoji set for operating systems without     native Emoji fonts

  - Blocked versions of libavcodec older than 54.35.1

  - additional locale

    mozilla-nss was updated to 3.26.2, incorporating the     following changes :

  - the selfserv test utility has been enhanced to support     ALPN (HTTP/1.1) and 0-RTT

  - The following CA certificate was added: CN = ISRG Root     X1

  - NPN is disabled and ALPN is enabled by default

  - MD5 signature algorithms sent by the server in     CertificateRequest messages are now properly ignored

Versions of Mozilla Firefox prior to 50.0 are unpatched for the following vulnerabilities :

 - An overflow condition exists in the 'RASTERIZE_EDGES()' function in 'gfx/cairo/libpixman/src/pixman-edge-imp.h'. The issue is triggered as certain input is not properly validated when handling SVG content. This may allow a context-dependent attacker to cause a heap-based overflow, potentially allowing the execution of arbitrary code.
 - A flaw exists in the 'net_CoalesceDirs()' function in 'netwerk/base/nsURLHelper.cpp' that is triggered when handling specially crafted URLs. This may allow a context-dependent attacker to potentially execute arbitrary code.
 - A flaw exists that is triggered when the Mozilla Updater is run with the updater's log file in the working directory pointing to a hardlink. This may allow a local attacker to append data to an arbitrary local file.
 - A flaw exists in the Mozilla Updater that is triggered as it may select an arbitrary target working directory to output files from the update process. No further details have been provided by the vendor.
 - A flaw exists that is triggered when length checking JavaScript arguments. This may allow a context-dependent attacker to have an unspecified impact.
 - A flaw exists that is triggered as add-on update IDs are not properly validated. This may allow an attacker with the ability to intercept network traffic '(e.g'. MitM, DNS cache poisoning) to provide malicious add-on updates.
 - A flaw exists that is triggered when a context-dependent attacker forces a user into full-screen mode, which may potentially allow the attacker to use a fake location bar to perform spoofing attacks.
 - An integer overflow condition exists in the 'nsScriptLoadHandler::TryDecodeRawData()' function in 'dom/base/nsScriptLoader.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.
 - A use-after-free error exists in the 'nsINode::ReplaceOrInsertBefore()' function in 'dom/base/nsINode.cpp' that is triggered when handling certain DOM operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A use-after-free error exists in the 'nsINode::Prepend()' function in 'dom/base/nsINode.cpp' that is triggered when handling DOM operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A use-after-free error exists in 'nsRefreshDriver'. The issue is triggered when handling web animation timelines. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in 'dom/plugins/base/nsPluginTags.cpp' that is triggered as the sandbox for 64-bit NPAPI plugins may not be enabled by default. This may potentially result in less secure behavior than intended.
 - A flaw exists in 'toolkit/components/extensions/ExtensionContent.jsm' that is triggered as WebExtensions may inappropriately access the mozAddonManager API. This may allow a context-dependent attacker to use a specially crafted extension to install further extensions without a user's permission.
 - A flaw exists in 'dom/canvas/CanvasRenderingContext2D.cpp' that is triggered by the use of the feDisplacementMap filter on images that are loaded cross-origin. This may allow a context-dependent attacker to conduct a timing attack and have an unspecified impact.
 - A flaw exists in the 'nsBaseChannel::Redirect()' function in 'netwerk/base/nsBaseChannel.cpp'. The issue is triggered as local shortcut files may be used to bypass the same-origin policy and load local content from the disk.
 - A flaw exists in the 'ProcessSoftwareUpdateCommand()' function in 'toolkit/components/maintenanceservice/workmonitor.cpp', as it may copy 'updater.exe' from untrusted directories. This may allow a local attacker to read files with SYSTEM privileges.
 - A flaw exists that is triggered when a page load is disrupted. This may result in the previous page's favicon and SSL indicator persisting, potentially misleading a user about the URL of the page being visited.
 - A flaw exists that is triggered when a previously installed application defines the same signature-level permissions as Firefox. This may allow a local attacker to intercept and disclose AuthTokens intended to be sent to Firefox.
 - A flaw exists that is triggered when a previously installed application defines the same signature-level permissions as Firefox. This may allow a local attacker to intercept and disclose API keys intended to be sent to Firefox.
 - A flaw exists in 'mobile/android/base/java/org/mozilla/gecko/PrivateTab.java' that is triggered, as browsing metadata from private browsing may persist in the 'browser.db' and 'browser.db'-wal files within a Firefox profile. This may potentially allow a physically present attacker to disclose information about private browsing.
 - A flaw exists in 'dom/bindings/Codegen.py' that is triggered when loading pages in a sidebar via a bookmark. This may allow the page to reference a privileged chrome window, violating the same-origin policy and engaging in limited JavaScript operations.
 - A flaw exists that is triggered as the 'windows.create' schema doesn't specify "format": "relativeUrl". This may allow a context-dependent attacker to escape the WebExtension sandbox.
 - An unspecified flaw exists in 'divSpoiler' that may allow an attacker to conduct a side-channel attack. No further details have been provided by the vendor.
 - A flaw exists that is triggered as the "select" dropdown menu may potentially cover location bar content, allowing a context-dependent attacker to spoof the location bar.
 - An integer overflow condition exists in the 'XML_Parse()' function in 'parser/expat/lib/xmlparse.c'. The issue is triggered as certain input is not properly validated when parsing XML content. This may allow a context-dependent attacker to have an unspecified impact.
 - A flaw exists in the 'nsCSPHostSrc::permits()' function in 'dom/security/nsCSPUtils.cpp' that is triggered when the Content Security Policy (CSP) is combined with HTTP to HTTPS redirection. This may potentially allow a context-dependent attacker to enumerate the existence of a known site in a user's browser history.
 - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'EventListenerManager::GetListenerInfo()' function in 'dom/events/EventListenerManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in 'dom/media/mediasource/TrackBuffersManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'WebrtcVideoConduit::CodecConfigToWebRTCCodec()' function in 'media/webrtc/signaling/src/media-conduit/VideoConduit.cpp' that is triggered when handling simulcast streams. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in 'js/src/jit/arm64/MacroAssembler-arm64.h' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exist that is triggered when handling screen/window/app capture. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists related to MessagePort not supporting transferable objects. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered when handling DOM tree operations for 'insertBefore()' method calls. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered when handling Ion-compiling of scripts with too many typesets. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists related to tracing of script pointers in off-thread compilation tasks. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered when handling runtime checks for helper threads tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'GlobalHelperThreadState::finishParseTask()' function in 'js/src/vm/HelperThreads.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists that is triggered as certain input is not properly validated when handling frames. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered as certain input is not properly validated when handling HTML5 tokenizing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in 'dom/events/IMEStateManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'JSStructuredCloneWriter::transferOwnership()' function in 'js/src/vm/StructuredClone.cpp' that is triggered when handling user-defined structured clone tags. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.

Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, Markus Stange, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5289, CVE-2016-5290)

A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)

A crash was discovered when parsing URLs in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code.
(CVE-2016-5292)

A heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.
(CVE-2016-5296)

An error was discovered in argument length checking in JavaScript. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297)

An integer overflow was discovered in the Expat library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063)

It was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated. An attacker that could perform a man-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064)

A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066)

2 use-after-free bugs were discovered during DOM operations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code.
(CVE-2016-9067, CVE-2016-9069)

A heap use-after-free was discovered during web animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code.
(CVE-2016-9068)

It was discovered that a page loaded in to the sidebar through a bookmark could reference a privileged chrome window. An attacker could potentially exploit this to bypass same origin restrictions.
(CVE-2016-9070)

An issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection. An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071)

An issue was discovered with the windows.create() WebExtensions API.
If a user were tricked in to installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073)

It was discovered that WebExtensions can use the mozAddonManager API.
An attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075)

It was discovered that <select> element dropdown menus can cover location bar content when e10s is enabled. An attacker could potentially exploit this to conduct UI spoofing attacks.
(CVE-2016-9076)

It was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images. An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update to Mozilla Firefox 50.0 fixes a number of security issues.

The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :

  - CVE-2016-5296: Heap-buffer-overflow WRITE in     rasterize_edges_1 (bmo#1292443)

  - CVE-2016-5292: URL parsing causes crash (bmo#1288482)

  - CVE-2016-5297: Incorrect argument length checking in     JavaScript (bmo#1303678)

  - CVE-2016-9064: Addons update must verify IDs match     between current and new versions (bmo#1303418)

  - CVE-2016-9066: Integer overflow leading to a buffer     overflow in nsScriptLoadHandler (bmo#1299686)

  - CVE-2016-9067: heap-use-after-free in     nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922     (CVE-2016-9069))

  - CVE-2016-9068: heap-use-after-free in nsRefreshDriver     (bmo#1302973)

  - CVE-2016-9075: WebExtensions can access the     mozAddonManager API and use it to gain elevated     privileges (bmo#1295324)

  - CVE-2016-9077: Canvas filters allow feDisplacementMaps     to be applied to cross-origin images, allowing timing     attacks on them (bmo#1298552)

  - CVE-2016-5291: Same-origin policy violation using local     HTML file and saved shortcut file (bmo#1292159)

  - CVE-2016-9070: Sidebar bookmark can have reference to     chrome window (bmo#1281071)

  - CVE-2016-9073: windows.create schema doesn't specify     'format': 'relativeUrl' (bmo#1289273)

  - CVE-2016-9076: select dropdown menu can be used for URL     bar spoofing on e10s (bmo#1276976)

  - CVE-2016-9063: Possible integer overflow to fix inside     XML_Parse in expat (bmo#1274777)

  - CVE-2016-9071: Probe browser history via HSTS/301     redirect + CSP (bmo#1285003)

  - CVE-2016-5289: Memory safety bugs fixed in Firefox 50

  - CVE-2016-5290: Memory safety bugs fixed in Firefox 50     and Firefox ESR 45.5

The following vulnerabilities were fixed in Mozilla NSS 3.26.1 :

  - CVE-2016-9074: Insufficient timing side-channel     resistance in divSpoiler (bmo#1293334) Mozilla Firefox     now requires mozilla-nss 3.26.2.

New features in Mozilla Firefox :

  - Updates to keyboard shortcuts Set a preference to have     Ctrl+Tab cycle through tabs in recently used order View     a page in Reader Mode by using Ctrl+Alt+R

  - Added option to Find in page that allows users to limit     search to whole words only

  - Added download protection for a large number of     executable file types on Windows, Mac and Linux

  - Fixed rendering of dashed and dotted borders with     rounded corners (border-radius)

  - Added a built-in Emoji set for operating systems without     native Emoji fonts

  - Blocked versions of libavcodec older than 54.35.1

  - additional locale

mozilla-nss was updated to 3.26.2, incorporating the following changes :

  - the selfserv test utility has been enhanced to support     ALPN (HTTP/1.1) and 0-RTT

  - The following CA certificate was added: CN = ISRG Root     X1

  - NPN is disabled and ALPN is enabled by default

  - MD5 signature algorithms sent by the server in     CertificateRequest messages are now properly ignored

The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 50.0. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.

Mozilla Foundation reports :

Please reference CVE/URL list for details

ID	Name	Product	Family	Severity
700511	macOS < 10.13 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
110934	FreeBSD : expat -- multiple vulnerabilities (e375ff3f-7fec-11e8-8088-28d244aee256)	Nessus	FreeBSD Local Security Checks	high
109594	FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219)	Nessus	FreeBSD Local Security Checks	high
109583	Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01)	Nessus	Slackware Local Security Checks	high
103796	FreeBSD : Python 2.7 -- multiple vulnerabilities (9164f51e-ae20-11e7-a633-009c02a2ab30)	Nessus	FreeBSD Local Security Checks	high
103598	macOS < 10.13 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
103424	Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2017-266-02)	Nessus	Slackware Local Security Checks	high
102989	SUSE SLES11 Security Update : expat (SUSE-SU-2017:2375-1)	Nessus	SuSE Local Security Checks	high
102946	openSUSE Security Update : expat (openSUSE-2017-993)	Nessus	SuSE Local Security Checks	high
102854	SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:2299-1)	Nessus	SuSE Local Security Checks	high
101578	Fedora 26 : expat (2017-18601ad5d2)	Nessus	Fedora Local Security Checks	high
101509	Fedora 24 : expat (2017-a44f9aa38b)	Nessus	Fedora Local Security Checks	high
101499	Fedora 25 : expat (2017-2c5635cd97)	Nessus	Fedora Local Security Checks	high
101035	Debian DSA-3898-1 : expat - security update	Nessus	Debian Local Security Checks	high
95590	openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)	Nessus	SuSE Local Security Checks	high
9804	Mozilla Firefox < 50.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
95025	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3124-1)	Nessus	Ubuntu Local Security Checks	high
95022	openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)	Nessus	SuSE Local Security Checks	high
94960	Mozilla Firefox < 50.0 Multiple Vulnerabilities	Nessus	Windows	high
94958	Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
94904	FreeBSD : mozilla -- multiple vulnerabilities (d1853110-07f4-4645-895b-6fd462ad0589)	Nessus	FreeBSD Local Security Checks	high

CVE-2016-9063

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins