Bug 1015535 (CVE-2016-9904)

Summary: VUL-0: CVE-2016-9904: MozillaFirefox: Cross-origin information leak in shared atoms
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:SUSE:CVE-2016-9894:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9905:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-9900:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2016-9897:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-9898:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-9902:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2016-9899:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9899:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9897:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9893:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9900:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2016-9903:0.0:(AV:N/AC:H/Au:M/C:N/I:N/A:N) CVSSv2:SUSE:CVE-2016-9901:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9896:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-9905:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-9893:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9898:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9080:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9895:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-9902:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-9895:4.3:(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVSSv2:SUSE:CVE-2016-9904:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2016-9901:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2016-9904:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv3:RedHat:CVE-2016-9898:5.6:(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) CVSSv3:RedHat:CVE-2016-9902:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVSSv3:RedHat:CVE-2016-9900:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVSSv3:RedHat:CVE-2016-9893:7.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVSSv3:RedHat:CVE-2016-9905:5.6:(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) CVSSv3:RedHat:CVE-2016-9899:7.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVSSv3:RedHat:CVE-2016-9904:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVSSv3:RedHat:CVE-2016-9901:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVSSv3:RedHat:CVE-2016-9895:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3:RedHat:CVE-2016-9897:5.6:(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) CVSSv2:NVD:CVE-2016-9080:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-9893:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-9894:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2016-9895:4.3:(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVSSv2:NVD:CVE-2016-9896:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-9897:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:NVD:CVE-2016-9898:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-9899:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-9900:5.0:(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVSSv2:NVD:CVE-2016-9901:7.5:(AV:N/AC:L/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-9902:5.0:(AV:N/AC:L/Au:N/C:N/I:P/A:N) CVSSv2:NVD:CVE-2016-9903:4.3:(AV:N/AC:M/Au:N/C:N/I:P/A:N) CVSSv2:NVD:CVE-2016-9904:5.0:(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVSSv2:NVD:CVE-2016-9905:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv3:NVD:CVE-2016-9080:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2016-9893:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2016-9894:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:NVD:CVE-2016-9895:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3:NVD:CVE-2016-9896:8.1:(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2016-9897:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:NVD:CVE-2016-9898:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2016-9899:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2016-9900:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSSv3:NVD:CVE-2016-9901:9.8:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3:NVD:CVE-2016-9902:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVSSv3:NVD:CVE-2016-9903:6.1:(AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3:NVD:CVE-2016-9904:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVSSv3:NVD:CVE-2016-9905:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1015422    

Description Marcus Meissner 2016-12-14 13:26:11 UTC
Security vulnerabilities fixed in Firefox 50.1
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/

Discovered by: Jann Horn
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.

https://bugzilla.mozilla.org/show_bug.cgi?id=1317936
Comment 1 Swamp Workflow Management 2016-12-14 23:02:01 UTC
bugbot adjusting priority
Comment 2 Petr Cerny 2017-08-10 14:54:17 UTC
Released.