Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2016-9064  

Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update.

Source
Severity High

Remote Yes

Type Insufficient validation

Description 

Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update.

AVG-72 firefox 49.0.2-1 50.0-1 Critical Fixed

16 Nov 2016 ASA-201611-16 AVG-72 firefox Critical multiple issues 

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9064

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started