PT-2016-3445 · Mozilla+2 · Firefox+2

Bob Owen

Published

2016-11-15

Updated

2024-12-12

CVE-2016-9072

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 50

Description The issue is related to the sandbox for 64-bit NPAPI plugins not being enabled by default when a new Firefox profile is created on 64-bit Windows installations. This can allow a remote attacker to bypass security restrictions. The issue only affects 64-bit Windows installations, while 32-bit Windows and other operating systems are unaffected.

Recommendations For Firefox versions prior to 50, update to version 50 or later to resolve the issue. As a temporary workaround, consider enabling the sandbox for 64-bit NPAPI plugins manually until a patch is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

ALT-PU-2016-2307

BDU:2023-01952

CVE-2016-9072

OPENSUSE-SU-2016_3011-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox

Suse

PT-2016-3445 · Mozilla+2 · Firefox+2

CVE-2016-9072

Weakness Enumeration

Related Identifiers

Affected Products

References · 2065