CVE-2016-9074

Published: Jun 11, 2018Modified: Nov 25, 2025

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Affected (4)

Products: Mozilla: Firefox, Thunderbird · Debian: Debian Linux

2 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 45.5.0
Mozilla Firefox	Before 50.0
Mozilla Thunderbird	Before 45.5.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://www.securityfocus.com/bid/94341

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037298

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1293334

Source: security@mozilla.org

Issue TrackingVendor Advisory

https://security.gentoo.org/glsa/201701-15

Source: security@mozilla.org

Third Party Advisory

https://security.gentoo.org/glsa/201701-46

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2016/dsa-3730

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2016-89/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2016-90/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2016-93/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/94341