Bugzilla – Bug 1015535
VUL-0: CVE-2016-9904: MozillaFirefox: Cross-origin information leak in shared atoms
Last modified: 2019-05-01 12:54:54 UTC
Security vulnerabilities fixed in Firefox 50.1 https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/ Discovered by: Jann Horn An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. https://bugzilla.mozilla.org/show_bug.cgi?id=1317936
bugbot adjusting priority
Released.