Cumulative Security Update for Mozilla Firefox (2016-91)

ITS Advisory Number: 
2016-201
Date(s) Issued: 
Tuesday, November 29, 2016
Subject: 
Cumulative Security Update for Mozilla Firefox (2016-91)
Overview: 

Mozilla has released a security update to address a vulnerability in Firefox versions 49 and 50. A remote attacker could exploit this vulnerability to take control of an affected system.

Systems Affected: 
  • Mozilla Firefox version 49
  • Mozilla Firefox version 50
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
Medium
BUSINESS
Large and medium business entities: 
High
Small business entities: 
Medium
Home Users: 
Low
Description: 

Mozilla has released a security update to address a vulnerability in Firefox versions 49 and 50. A remote attacker could exploit this vulnerability to take control of an affected system. Details of this vulnerability are as follows:

URL can inherit wrong origin after an HTTP redirect: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. (CVE-2016-9078)
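
The origin rule that this flaw breaks can be shown with a small model. This is an added example, not code from Mozilla or from this advisory; it assumes the HTML Standard rule that a data: URL receives an opaque origin, and every function name and sample URL in it is constructed for illustration.

```javascript
// Simplified origin model (added example, not Firefox code).
// Function names and sample URLs are constructed for illustration.
let nextOpaqueId = 0;

// In this model http(s) URLs get a (scheme, host, port) tuple origin;
// anything else, including data:, gets a fresh opaque origin.
function originOf(url) {
  const u = new URL(url);
  if (u.protocol === "http:" || u.protocol === "https:") {
    return { opaque: false, tuple: u.origin };
  }
  return { opaque: true, id: ++nextOpaqueId };
}

// An opaque origin is same-origin only with itself.
function sameOrigin(a, b) {
  if (a.opaque || b.opaque) return a.opaque && b.opaque && a.id === b.id;
  return a.tuple === b.tuple;
}

// Expected: the last URL of the redirect chain alone decides the origin.
function originAfterRedirect(chain) {
  return originOf(chain[chain.length - 1]);
}

// Flaw as described in the advisory: a redirect that ends on a data: URL
// carries the referring site's origin over to that URL.
function flawedOriginAfterRedirect(referrer, chain) {
  const last = chain[chain.length - 1];
  return new URL(last).protocol === "data:" ? originOf(referrer) : originOf(last);
}

// Constructed sample: a page on shop.example loads a third-party resource
// whose server answers with a redirect to a data: URL.
const REFERRER = "https://shop.example/cart";
const CHAIN = ["http://widgets.example/banner", "data:text/html,<p>banner</p>"];

// Compare both behaviours against the referring site's own origin.
function compare() {
  const site = originOf(REFERRER);
  return {
    expectedSameOrigin: sameOrigin(originAfterRedirect(CHAIN), site),
    flawedSameOrigin: sameOrigin(flawedOriginAfterRedirect(REFERRER, CHAIN), site),
  };
}

console.log(compare());
```

In the expected case the redirected content is isolated from the referring site; in the flawed case it is treated as same-origin with it, which is the condition under which cross-origin cookie setting becomes possible.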

Actions: 
  • After appropriate testing, apply the security update provided by Mozilla.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.