Cumulative Security Update for Mozilla Firefox (2016-91)

ITS Advisory Number: 
2016-201
Date(s) Issued: 
Tuesday, November 29, 2016
Subject: 
Cumulative Security Update for Mozilla Firefox (2016-91)
Overview: 

Mozilla has released a security update to address a vulnerability in Firefox versions 49 and 50. A remote attacker could exploit this vulnerability to take control of an affected system.

Systems Affected: 
  • Mozilla Firefox versions 49
  • Mozilla Firefox versions 50
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
Medium
BUSINESS
Large and medium business entities: 
High
Small business entities: 
Medium
Home Users: 
Low
Description: 

Mozilla has released a security update to address a vulnerability in Firefox versions 49 and 50. A remote attacker could exploit this vulnerability to take control of an affected system.Details of this vulnerabilities are as follows:

URL can inherit wrong origin after an HTTP redirect: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. (CVE-20169078)

Actions: 

  • After appropriate testing, atheMozilla .

  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

References: 

Mozilla: 

https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/  

CVE:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9078

Office of Information Technology Services

Other Information

Language Access

Register to Vote

Sign up online or download and mail your application. Register Now