CVE-2016-9072

Published: 11 June 2018

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (50)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(windows only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [windows only])
thunderbird
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(windows only)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(windows only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [windows only])