{"id":"CVE-2016-9904","details":"An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox \u003c 50.1, Firefox ESR \u003c 45.6, and Thunderbird \u003c 45.6.","modified":"2026-04-16T06:20:14.994910085Z","published":"2018-06-11T21:29:02.467Z","related":["SUSE-SU-2016:3210-1","SUSE-SU-2016:3222-1","SUSE-SU-2016:3223-1","openSUSE-SU-2016:3307-1","openSUSE-SU-2016:3308-1","openSUSE-SU-2024:10071-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2946.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-15"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3757"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2016-95/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2016-96/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94885"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037461"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2016-94/"},{"type":"FIX","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1317936"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9904.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"fixed":"45.6.0"}]},{"events":[{"introduced":"0"},{"fixed":"51.0"}]},{"events":[{"introduced":"0"},{"fixed":"45.6.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}