PT-2016-3445 · Mozilla+2 · Firefox+2

Bob Owen

Publicado

2016-11-15

Atualizado

2024-12-12

CVE-2016-9072

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 50

Description The issue is related to the sandbox for 64-bit NPAPI plugins not being enabled by default when a new Firefox profile is created on 64-bit Windows installations. This can allow a remote attacker to bypass security restrictions. The issue only affects 64-bit Windows installations, while 32-bit Windows and other operating systems are unaffected.

Recommendations For Firefox versions prior to 50, update to version 50 or later to resolve the issue. As a temporary workaround, consider enabling the sandbox for 64-bit NPAPI plugins manually until a patch is applied.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254

Identificadores relacionados

ALT-PU-2016-2307

BDU:2023-01952

CVE-2016-9072

OPENSUSE-SU-2016_3011-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Produtos afetados

Alt Linux

Firefox

Suse

PT-2016-3445 · Mozilla+2 · Firefox+2

CVE-2016-9072

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2065