JavaScript Map/Set Timing Attack Vulnerability

JavaScript Map/Set Timing Attack Vulnerability

CVE-2016-9904 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Learn more about our Web App Pen Testing.