Back to bug 1395060
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Huzaifa S. Sidhpurwala | 2016-11-15 03:38:53 UTC | CC | security-response-team | |
| Huzaifa S. Sidhpurwala | 2016-11-15 04:00:18 UTC | Blocks | 1392803 | |
| Huzaifa S. Sidhpurwala | 2016-11-15 04:03:25 UTC | Summary | EMBARGOED CVE-2016-9064 Mozilla: Addons update must verify IDs match between current and new versions (MFSA 2016-89) | EMBARGOED CVE-2016-9064 Mozilla: Addons update must verify IDs match between current and new versions (MFSA 2016-89, MFSA 2016-90) |
| Huzaifa S. Sidhpurwala | 2016-11-15 04:19:16 UTC | Doc Text | A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. | |
| Huzaifa S. Sidhpurwala | 2016-11-15 04:21:24 UTC | CC | sparks | |
| Flags | needinfo?(sparks) | |||
| Eric Christensen | 2016-11-15 18:23:13 UTC | CC | sparks | |
| Flags | needinfo?(sparks) | |||
| Huzaifa S. Sidhpurwala | 2016-11-16 03:17:42 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED CVE-2016-9064 Mozilla: Addons update must verify IDs match between current and new versions (MFSA 2016-89, MFSA 2016-90) | CVE-2016-9064 Mozilla: Addons update must verify IDs match between current and new versions (MFSA 2016-89, MFSA 2016-90) | ||
| Whiteboard | impact=moderate,public=no,reported=20161115,source=mozilla,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/firefox=affected,rhel-6/firefox=affected,rhel-7/firefox=affected,rhel-5/thunderbird=affected,rhel-6/thunderbird=affected,rhel-7/thunderbird=affected | impact=moderate,public=20161116,reported=20161115,source=mozilla,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/firefox=affected,rhel-6/firefox=affected,rhel-7/firefox=affected,rhel-5/thunderbird=affected,rhel-6/thunderbird=affected,rhel-7/thunderbird=affected | ||
| Huzaifa S. Sidhpurwala | 2016-11-24 05:35:45 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Whiteboard | impact=moderate,public=20161116,reported=20161115,source=mozilla,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/firefox=affected,rhel-6/firefox=affected,rhel-7/firefox=affected,rhel-5/thunderbird=affected,rhel-6/thunderbird=affected,rhel-7/thunderbird=affected | impact=moderate,public=20161116,reported=20161115,source=mozilla,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/firefox=affected,rhel-6/firefox=affected,rhel-7/firefox=affected,rhel-5/thunderbird=notaffected,rhel-6/thunderbird=notaffected,rhel-7/thunderbird=notaffected | ||
| Last Closed | 2016-11-24 00:35:45 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:59:56 UTC | Whiteboard | impact=moderate,public=20161116,reported=20161115,source=mozilla,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/firefox=affected,rhel-6/firefox=affected,rhel-7/firefox=affected,rhel-5/thunderbird=notaffected,rhel-6/thunderbird=notaffected,rhel-7/thunderbird=notaffected |
Back to bug 1395060