Search

Find a vulnerability

Search criteria

    34 vulnerabilities found for suse_package_hub_for_suse_linux_enterprise by novell

    CVE-2019-13730 (GCVE-0-2019-13730)

    Vulnerability from nvd – Published: 2019-12-10 21:01 – Updated: 2024-08-05 00:05
    VLAI
    Summary
    Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Severity
    No CVSS data available.
    CWE
    • Type Confusion
    Assigner
    References
    URL Tags
    https://chromereleases.googleblog.com/2019/12/sta… x_refsource_MISC
    https://crbug.com/1028862 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2019:4238 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://seclists.org/bugtraq/2020/Jan/27 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2020/dsa-4606 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/202003-08 vendor-advisoryx_refsource_GENTOO
    Impacted products
    Vendor Product Version
    Google Chrome Affected: unspecified , < 79.0.3945.79 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:05:43.749Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://crbug.com/1028862"
              },
              {
                "name": "RHSA-2019:4238",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4238"
              },
              {
                "name": "openSUSE-SU-2019:2692",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html"
              },
              {
                "name": "FEDORA-2019-1a10c04281",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/"
              },
              {
                "name": "openSUSE-SU-2019:2694",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
              },
              {
                "name": "FEDORA-2020-4355ea258e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
              },
              {
                "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Jan/27"
              },
              {
                "name": "DSA-4606",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4606"
              },
              {
                "name": "GLSA-202003-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202003-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "79.0.3945.79",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Type Confusion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-13T04:06:10.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://crbug.com/1028862"
            },
            {
              "name": "RHSA-2019:4238",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4238"
            },
            {
              "name": "openSUSE-SU-2019:2692",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html"
            },
            {
              "name": "FEDORA-2019-1a10c04281",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/"
            },
            {
              "name": "openSUSE-SU-2019:2694",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
            },
            {
              "name": "FEDORA-2020-4355ea258e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
            },
            {
              "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Jan/27"
            },
            {
              "name": "DSA-4606",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4606"
            },
            {
              "name": "GLSA-202003-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202003-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "chrome-cve-admin@google.com",
              "ID": "CVE-2019-13730",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Chrome",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "79.0.3945.79"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Google"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Type Confusion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
                  "refsource": "MISC",
                  "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
                },
                {
                  "name": "https://crbug.com/1028862",
                  "refsource": "MISC",
                  "url": "https://crbug.com/1028862"
                },
                {
                  "name": "RHSA-2019:4238",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4238"
                },
                {
                  "name": "openSUSE-SU-2019:2692",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html"
                },
                {
                  "name": "FEDORA-2019-1a10c04281",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/"
                },
                {
                  "name": "openSUSE-SU-2019:2694",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
                },
                {
                  "name": "FEDORA-2020-4355ea258e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
                },
                {
                  "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Jan/27"
                },
                {
                  "name": "DSA-4606",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4606"
                },
                {
                  "name": "GLSA-202003-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202003-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2019-13730",
        "datePublished": "2019-12-10T21:01:44.000Z",
        "dateReserved": "2019-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:05:43.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9811 (GCVE-0-2019-9811)

    Vulnerability from nvd – Published: 2019-07-23 13:26 – Updated: 2024-08-04 22:01
    VLAI
    Summary
    As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
    Severity
    No CVSS data available.
    CWE
    • Sandbox escape via installation of malicious language pack
    Assigner
    Impacted products
    Vendor Product Version
    Mozilla Firefox ESR Affected: unspecified , < 60.8 (custom)
    Create a notification for this product.
    Mozilla Firefox Affected: unspecified , < 68 (custom)
    Create a notification for this product.
    Mozilla Thunderbird Affected: unspecified , < 60.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:01:54.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
              },
              {
                "name": "openSUSE-SU-2019:1811",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
              },
              {
                "name": "openSUSE-SU-2019:1813",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
              },
              {
                "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
              },
              {
                "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
              },
              {
                "name": "GLSA-201908-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-12"
              },
              {
                "name": "GLSA-201908-20",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-20"
              },
              {
                "name": "openSUSE-SU-2019:1990",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
              },
              {
                "name": "openSUSE-SU-2019:2251",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
              },
              {
                "name": "openSUSE-SU-2019:2260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Firefox ESR",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "60.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Firefox",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "68",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Thunderbird",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "60.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Sandbox escape via installation of malicious language pack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-06T14:06:25.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
            },
            {
              "name": "openSUSE-SU-2019:1811",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
            },
            {
              "name": "openSUSE-SU-2019:1813",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
            },
            {
              "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
            },
            {
              "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
            },
            {
              "name": "GLSA-201908-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-12"
            },
            {
              "name": "GLSA-201908-20",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-20"
            },
            {
              "name": "openSUSE-SU-2019:1990",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2019:2251",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
            },
            {
              "name": "openSUSE-SU-2019:2260",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2019-9811",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Firefox ESR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "60.8"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Firefox",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "68"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Thunderbird",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "60.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Sandbox escape via installation of malicious language pack"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
                },
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
                },
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007",
                  "refsource": "MISC",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598",
                  "refsource": "MISC",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327",
                  "refsource": "MISC",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
                },
                {
                  "name": "openSUSE-SU-2019:1811",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
                },
                {
                  "name": "openSUSE-SU-2019:1813",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
                },
                {
                  "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
                },
                {
                  "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
                },
                {
                  "name": "GLSA-201908-12",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-12"
                },
                {
                  "name": "GLSA-201908-20",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-20"
                },
                {
                  "name": "openSUSE-SU-2019:1990",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
                },
                {
                  "name": "openSUSE-SU-2019:2251",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
                },
                {
                  "name": "openSUSE-SU-2019:2260",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2019-9811",
        "datePublished": "2019-07-23T13:26:03.000Z",
        "dateReserved": "2019-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:01:54.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11717 (GCVE-0-2019-11717)

    Vulnerability from nvd – Published: 2019-07-23 13:18 – Updated: 2024-08-04 23:03
    VLAI
    Summary
    A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
    Severity
    No CVSS data available.
    CWE
    • Caret character improperly escaped in origins
    Assigner
    Impacted products
    Vendor Product Version
    Mozilla Firefox ESR Affected: unspecified , < 60.8 (custom)
    Create a notification for this product.
    Mozilla Firefox Affected: unspecified , < 68 (custom)
    Create a notification for this product.
    Mozilla Thunderbird Affected: unspecified , < 60.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:03:32.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306"
              },
              {
                "name": "openSUSE-SU-2019:1811",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
              },
              {
                "name": "openSUSE-SU-2019:1813",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
              },
              {
                "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
              },
              {
                "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
              },
              {
                "name": "GLSA-201908-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-12"
              },
              {
                "name": "GLSA-201908-20",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-20"
              },
              {
                "name": "openSUSE-SU-2019:1990",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
              },
              {
                "name": "openSUSE-SU-2019:2248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
              },
              {
                "name": "openSUSE-SU-2019:2249",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Firefox ESR",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "60.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Firefox",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "68",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Thunderbird",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "60.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Caret character improperly escaped in origins",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-04T17:06:46.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306"
            },
            {
              "name": "openSUSE-SU-2019:1811",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
            },
            {
              "name": "openSUSE-SU-2019:1813",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
            },
            {
              "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
            },
            {
              "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
            },
            {
              "name": "GLSA-201908-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-12"
            },
            {
              "name": "GLSA-201908-20",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-20"
            },
            {
              "name": "openSUSE-SU-2019:1990",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2019:2248",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2019:2249",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2019-11717",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Firefox ESR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "60.8"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Firefox",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "68"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Thunderbird",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "60.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Caret character improperly escaped in origins"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
                },
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
                },
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306",
                  "refsource": "MISC",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306"
                },
                {
                  "name": "openSUSE-SU-2019:1811",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
                },
                {
                  "name": "openSUSE-SU-2019:1813",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
                },
                {
                  "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
                },
                {
                  "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
                },
                {
                  "name": "GLSA-201908-12",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-12"
                },
                {
                  "name": "GLSA-201908-20",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-20"
                },
                {
                  "name": "openSUSE-SU-2019:1990",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
                },
                {
                  "name": "openSUSE-SU-2019:2248",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
                },
                {
                  "name": "openSUSE-SU-2019:2249",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2019-11717",
        "datePublished": "2019-07-23T13:18:07.000Z",
        "dateReserved": "2019-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:03:32.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11338 (GCVE-0-2019-11338)

    Vulnerability from nvd – Published: 2019-04-18 23:52 – Updated: 2024-08-04 22:48
    VLAI
    Summary
    libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/FFmpeg/FFmpeg/commit/54655623a… x_refsource_MISC
    http://www.securityfocus.com/bid/108034 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3967-1/ vendor-advisoryx_refsource_UBUNTU
    https://seclists.org/bugtraq/2019/May/60 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2019/dsa-4449 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://usn.ubuntu.com/4431-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/FFmpeg/FFmpeg/commit/9ccc63306… x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e"
              },
              {
                "name": "108034",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108034"
              },
              {
                "name": "USN-3967-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3967-1/"
              },
              {
                "name": "20190523 [SECURITY] [DSA 4449-1] ffmpeg security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/60"
              },
              {
                "name": "DSA-4449",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4449"
              },
              {
                "name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html"
              },
              {
                "name": "openSUSE-SU-2020:0024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
              },
              {
                "name": "USN-4431-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4431-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-04T18:07:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e"
            },
            {
              "name": "108034",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108034"
            },
            {
              "name": "USN-3967-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3967-1/"
            },
            {
              "name": "20190523 [SECURITY] [DSA 4449-1] ffmpeg security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/60"
            },
            {
              "name": "DSA-4449",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4449"
            },
            {
              "name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2020:0024",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
            },
            {
              "name": "USN-4431-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4431-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-11338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e",
                  "refsource": "MISC",
                  "url": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e"
                },
                {
                  "name": "108034",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108034"
                },
                {
                  "name": "USN-3967-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3967-1/"
                },
                {
                  "name": "20190523 [SECURITY] [DSA 4449-1] ffmpeg security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/60"
                },
                {
                  "name": "DSA-4449",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4449"
                },
                {
                  "name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html"
                },
                {
                  "name": "openSUSE-SU-2020:0024",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
                },
                {
                  "name": "USN-4431-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4431-1/"
                },
                {
                  "name": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b",
                  "refsource": "MISC",
                  "url": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11338",
        "datePublished": "2019-04-18T23:52:00.000Z",
        "dateReserved": "2019-04-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:48:09.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8932 (GCVE-0-2017-8932)

    Vulnerability from nvd – Published: 2017-07-06 16:00 – Updated: 2024-08-05 16:48
    VLAI
    Summary
    A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:48:22.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[golang-announce] 20170523  [security] Go 1.7.6 and Go 1.8.2 are released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c"
              },
              {
                "name": "RHSA-2017:1859",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1859"
              },
              {
                "name": "openSUSE-SU-2017:1650",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html"
              },
              {
                "name": "openSUSE-SU-2017:1649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/20040"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://go-review.googlesource.com/c/41070/"
              },
              {
                "name": "FEDORA-2017-278f46fcd6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[golang-announce] 20170523  [security] Go 1.7.6 and Go 1.8.2 are released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c"
            },
            {
              "name": "RHSA-2017:1859",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1859"
            },
            {
              "name": "openSUSE-SU-2017:1650",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html"
            },
            {
              "name": "openSUSE-SU-2017:1649",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/golang/go/issues/20040"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://go-review.googlesource.com/c/41070/"
            },
            {
              "name": "FEDORA-2017-278f46fcd6",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-8932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[golang-announce] 20170523  [security] Go 1.7.6 and Go 1.8.2 are released",
                  "refsource": "MLIST",
                  "url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ"
                },
                {
                  "name": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c"
                },
                {
                  "name": "RHSA-2017:1859",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1859"
                },
                {
                  "name": "openSUSE-SU-2017:1650",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html"
                },
                {
                  "name": "openSUSE-SU-2017:1649",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191"
                },
                {
                  "name": "https://github.com/golang/go/issues/20040",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/golang/go/issues/20040"
                },
                {
                  "name": "https://go-review.googlesource.com/c/41070/",
                  "refsource": "CONFIRM",
                  "url": "https://go-review.googlesource.com/c/41070/"
                },
                {
                  "name": "FEDORA-2017-278f46fcd6",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-8932",
        "datePublished": "2017-07-06T16:00:00.000Z",
        "dateReserved": "2017-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:48:22.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4303 (GCVE-0-2016-4303)

    Vulnerability from nvd – Published: 2016-09-26 14:00 – Updated: 2024-08-06 00:25
    VLAI
    Summary
    The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:25:14.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0164/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.talosintel.com/2016/06/esnet-vulnerability.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a"
              },
              {
                "name": "openSUSE-SU-2016:2113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html"
              },
              {
                "name": "openSUSE-SU-2016:2121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html"
              },
              {
                "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2080-1] iperf3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-27T23:06:04.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0164/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.talosintel.com/2016/06/esnet-vulnerability.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a"
            },
            {
              "name": "openSUSE-SU-2016:2113",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html"
            },
            {
              "name": "openSUSE-SU-2016:2121",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html"
            },
            {
              "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2080-1] iperf3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-4303",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0164/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0164/"
                },
                {
                  "name": "http://blog.talosintel.com/2016/06/esnet-vulnerability.html",
                  "refsource": "MISC",
                  "url": "http://blog.talosintel.com/2016/06/esnet-vulnerability.html"
                },
                {
                  "name": "http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released",
                  "refsource": "CONFIRM",
                  "url": "http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released"
                },
                {
                  "name": "https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc",
                  "refsource": "CONFIRM",
                  "url": "https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc"
                },
                {
                  "name": "https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a"
                },
                {
                  "name": "openSUSE-SU-2016:2113",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html"
                },
                {
                  "name": "openSUSE-SU-2016:2121",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html"
                },
                {
                  "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2080-1] iperf3 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-4303",
        "datePublished": "2016-09-26T14:00:00.000Z",
        "dateReserved": "2016-04-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:25:14.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1704 (GCVE-0-2016-1704)

    Vulnerability from nvd – Published: 2016-07-03 21:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2016:1262 vendor-advisoryx_refsource_REDHAT
    http://googlechromereleases.blogspot.com/2016/06/… x_refsource_CONFIRM
    https://crbug.com/620742 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://crbug.com/613915 x_refsource_CONFIRM
    https://crbug.com/613698 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3015-1 vendor-advisoryx_refsource_UBUNTU
    https://crbug.com/610799 x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3637 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2016-06-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:12.838Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:1262",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1262"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/620742"
              },
              {
                "name": "openSUSE-SU-2016:1626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html"
              },
              {
                "name": "openSUSE-SU-2016:1624",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html"
              },
              {
                "name": "openSUSE-SU-2016:1655",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
              },
              {
                "name": "openSUSE-SU-2016:1623",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/613915"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/613698"
              },
              {
                "name": "USN-3015-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3015-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/610799"
              },
              {
                "name": "DSA-3637",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3637"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "RHSA-2016:1262",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1262"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/620742"
            },
            {
              "name": "openSUSE-SU-2016:1626",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html"
            },
            {
              "name": "openSUSE-SU-2016:1624",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2016:1655",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
            },
            {
              "name": "openSUSE-SU-2016:1623",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/613915"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/613698"
            },
            {
              "name": "USN-3015-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3015-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/610799"
            },
            {
              "name": "DSA-3637",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3637"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2016-1704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2016:1262",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1262"
                },
                {
                  "name": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html",
                  "refsource": "CONFIRM",
                  "url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html"
                },
                {
                  "name": "https://crbug.com/620742",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/620742"
                },
                {
                  "name": "openSUSE-SU-2016:1626",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html"
                },
                {
                  "name": "openSUSE-SU-2016:1624",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html"
                },
                {
                  "name": "openSUSE-SU-2016:1655",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
                },
                {
                  "name": "openSUSE-SU-2016:1623",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html"
                },
                {
                  "name": "https://crbug.com/613915",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/613915"
                },
                {
                  "name": "https://crbug.com/613698",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/613698"
                },
                {
                  "name": "USN-3015-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3015-1"
                },
                {
                  "name": "https://crbug.com/610799",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/610799"
                },
                {
                  "name": "DSA-3637",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3637"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2016-1704",
        "datePublished": "2016-07-03T21:00:00.000Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:12.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2818 (GCVE-0-2016-2818)

    Vulnerability from nvd – Published: 2016-06-13 10:00 – Updated: 2024-08-05 23:32
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036057 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2016/dsa-3647 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.mozilla.org/show_bug.cgi?id=1234147 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1265577 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2016:1217 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1256739 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1261752 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1269729 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1256968 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1264575 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1267130 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2016:1392 vendor-advisoryx_refsource_REDHAT
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1261230 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1273202 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1256493 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1263384 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3023-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.mozilla.org/show_bug.cgi?id=1273701 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2993-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/91075 vdb-entryx_refsource_BID
    http://www.debian.org/security/2016/dsa-3600 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2016-06-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:32:21.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036057",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036057"
              },
              {
                "name": "DSA-3647",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3647"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234147"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1265577"
              },
              {
                "name": "RHSA-2016:1217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1217"
              },
              {
                "name": "openSUSE-SU-2016:1557",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256739"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261752"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1269729"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256968"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264575"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1267130"
              },
              {
                "name": "RHSA-2016:1392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1392"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261230"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273202"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256493"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1263384"
              },
              {
                "name": "openSUSE-SU-2016:1552",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
              },
              {
                "name": "USN-3023-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3023-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273701"
              },
              {
                "name": "USN-2993-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2993-1"
              },
              {
                "name": "SUSE-SU-2016:1691",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
              },
              {
                "name": "91075",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91075"
              },
              {
                "name": "DSA-3600",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3600"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "name": "1036057",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036057"
            },
            {
              "name": "DSA-3647",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3647"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234147"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1265577"
            },
            {
              "name": "RHSA-2016:1217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1217"
            },
            {
              "name": "openSUSE-SU-2016:1557",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256739"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261752"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1269729"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256968"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264575"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1267130"
            },
            {
              "name": "RHSA-2016:1392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1392"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261230"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273202"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256493"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1263384"
            },
            {
              "name": "openSUSE-SU-2016:1552",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
            },
            {
              "name": "USN-3023-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3023-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273701"
            },
            {
              "name": "USN-2993-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2993-1"
            },
            {
              "name": "SUSE-SU-2016:1691",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
            },
            {
              "name": "91075",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91075"
            },
            {
              "name": "DSA-3600",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3600"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-2818",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036057",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036057"
                },
                {
                  "name": "DSA-3647",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3647"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234147",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234147"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1265577",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1265577"
                },
                {
                  "name": "RHSA-2016:1217",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1217"
                },
                {
                  "name": "openSUSE-SU-2016:1557",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256739",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256739"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261752",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261752"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1269729",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1269729"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256968",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256968"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264575",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264575"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1267130",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1267130"
                },
                {
                  "name": "RHSA-2016:1392",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1392"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261230",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261230"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273202",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273202"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256493",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256493"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1263384",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1263384"
                },
                {
                  "name": "openSUSE-SU-2016:1552",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
                },
                {
                  "name": "USN-3023-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3023-1"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273701",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273701"
                },
                {
                  "name": "USN-2993-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2993-1"
                },
                {
                  "name": "SUSE-SU-2016:1691",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
                },
                {
                  "name": "91075",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91075"
                },
                {
                  "name": "DSA-3600",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3600"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-2818",
        "datePublished": "2016-06-13T10:00:00.000Z",
        "dateReserved": "2016-03-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:32:21.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1658 (GCVE-0-2016-1658)

    Vulnerability from nvd – Published: 2016-04-18 10:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://codereview.chromium.org/1658913002 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-0638.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3549 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://googlechromereleases.blogspot.com/2016/04/… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201605-02 vendor-advisoryx_refsource_GENTOO
    https://crbug.com/573317 x_refsource_CONFIRM
    Date Public
    2016-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:12.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:1136",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.chromium.org/1658913002"
              },
              {
                "name": "openSUSE-SU-2016:1135",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
              },
              {
                "name": "RHSA-2016:0638",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
              },
              {
                "name": "SUSE-SU-2016:1060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
              },
              {
                "name": "DSA-3549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3549"
              },
              {
                "name": "openSUSE-SU-2016:1061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
              },
              {
                "name": "GLSA-201605-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/573317"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-30T18:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:1136",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.chromium.org/1658913002"
            },
            {
              "name": "openSUSE-SU-2016:1135",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
            },
            {
              "name": "RHSA-2016:0638",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
            },
            {
              "name": "SUSE-SU-2016:1060",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
            },
            {
              "name": "DSA-3549",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3549"
            },
            {
              "name": "openSUSE-SU-2016:1061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
            },
            {
              "name": "GLSA-201605-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/573317"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2016-1658",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:1136",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
                },
                {
                  "name": "https://codereview.chromium.org/1658913002",
                  "refsource": "CONFIRM",
                  "url": "https://codereview.chromium.org/1658913002"
                },
                {
                  "name": "openSUSE-SU-2016:1135",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
                },
                {
                  "name": "RHSA-2016:0638",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
                },
                {
                  "name": "SUSE-SU-2016:1060",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
                },
                {
                  "name": "DSA-3549",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3549"
                },
                {
                  "name": "openSUSE-SU-2016:1061",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
                },
                {
                  "name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html",
                  "refsource": "CONFIRM",
                  "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
                },
                {
                  "name": "GLSA-201605-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-02"
                },
                {
                  "name": "https://crbug.com/573317",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/573317"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2016-1658",
        "datePublished": "2016-04-18T10:00:00.000Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:12.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1657 (GCVE-0-2016-1657)

    Vulnerability from nvd – Published: 2016-04-18 10:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://crbug.com/567445 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-0638.html vendor-advisoryx_refsource_REDHAT
    https://codereview.chromium.org/1678233003/ x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3549 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://googlechromereleases.blogspot.com/2016/04/… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201605-02 vendor-advisoryx_refsource_GENTOO
    Date Public
    2016-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:12.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/567445"
              },
              {
                "name": "openSUSE-SU-2016:1136",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
              },
              {
                "name": "openSUSE-SU-2016:1135",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
              },
              {
                "name": "RHSA-2016:0638",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.chromium.org/1678233003/"
              },
              {
                "name": "SUSE-SU-2016:1060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
              },
              {
                "name": "DSA-3549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3549"
              },
              {
                "name": "openSUSE-SU-2016:1061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
              },
              {
                "name": "GLSA-201605-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-30T18:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/567445"
            },
            {
              "name": "openSUSE-SU-2016:1136",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
            },
            {
              "name": "openSUSE-SU-2016:1135",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
            },
            {
              "name": "RHSA-2016:0638",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.chromium.org/1678233003/"
            },
            {
              "name": "SUSE-SU-2016:1060",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
            },
            {
              "name": "DSA-3549",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3549"
            },
            {
              "name": "openSUSE-SU-2016:1061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
            },
            {
              "name": "GLSA-201605-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2016-1657",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://crbug.com/567445",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/567445"
                },
                {
                  "name": "openSUSE-SU-2016:1136",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
                },
                {
                  "name": "openSUSE-SU-2016:1135",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
                },
                {
                  "name": "RHSA-2016:0638",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
                },
                {
                  "name": "https://codereview.chromium.org/1678233003/",
                  "refsource": "CONFIRM",
                  "url": "https://codereview.chromium.org/1678233003/"
                },
                {
                  "name": "SUSE-SU-2016:1060",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
                },
                {
                  "name": "DSA-3549",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3549"
                },
                {
                  "name": "openSUSE-SU-2016:1061",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
                },
                {
                  "name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html",
                  "refsource": "CONFIRM",
                  "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
                },
                {
                  "name": "GLSA-201605-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2016-1657",
        "datePublished": "2016-04-18T10:00:00.000Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:12.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1957 (GCVE-0-2016-1957)

    Vulnerability from nvd – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3520 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1227052 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3510 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2934-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:0894",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
              },
              {
                "name": "SUSE-SU-2016:0820",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "SUSE-SU-2016:0727",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html"
              },
              {
                "name": "openSUSE-SU-2016:0876",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "DSA-3520",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3520"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052"
              },
              {
                "name": "SUSE-SU-2016:0909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
              },
              {
                "name": "DSA-3510",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3510"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "SUSE-SU-2016:0777",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "name": "USN-2934-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2934-1"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T16:57:01.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:0894",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
            },
            {
              "name": "SUSE-SU-2016:0820",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "SUSE-SU-2016:0727",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html"
            },
            {
              "name": "openSUSE-SU-2016:0876",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "DSA-3520",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3520"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052"
            },
            {
              "name": "SUSE-SU-2016:0909",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
            },
            {
              "name": "DSA-3510",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3510"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "SUSE-SU-2016:0777",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "USN-2934-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2934-1"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:0894",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
                },
                {
                  "name": "SUSE-SU-2016:0820",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "SUSE-SU-2016:0727",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html"
                },
                {
                  "name": "openSUSE-SU-2016:0876",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "DSA-3520",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3520"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052"
                },
                {
                  "name": "SUSE-SU-2016:0909",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
                },
                {
                  "name": "DSA-3510",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3510"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "SUSE-SU-2016:0777",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "USN-2934-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2934-1"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1957",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1956 (GCVE-0-2016-1956)

    Vulnerability from nvd – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.mozilla.org/show_bug.cgi?id=1199923 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199923"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-19.html"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T15:57:02.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199923"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-19.html"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199923",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199923"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-19.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-19.html"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1956",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1955 (GCVE-0-2016-1955)

    Vulnerability from nvd – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1208946 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208946"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-18.html"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T15:57:02.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208946"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-18.html"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208946",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208946"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-18.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-18.html"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1955",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1954 (GCVE-0-2016-1954)

    Vulnerability from nvd – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://hg.mozilla.org/releases/mozilla-release/re… x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1243178 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3520 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3510 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2934-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:0894",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243178"
              },
              {
                "name": "SUSE-SU-2016:0820",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "SUSE-SU-2016:0727",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-17.html"
              },
              {
                "name": "openSUSE-SU-2016:0876",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "DSA-3520",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3520"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "name": "SUSE-SU-2016:0909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
              },
              {
                "name": "DSA-3510",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3510"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "SUSE-SU-2016:0777",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "name": "USN-2934-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2934-1"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T16:57:01.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:0894",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243178"
            },
            {
              "name": "SUSE-SU-2016:0820",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "SUSE-SU-2016:0727",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-17.html"
            },
            {
              "name": "openSUSE-SU-2016:0876",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "DSA-3520",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3520"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "name": "SUSE-SU-2016:0909",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
            },
            {
              "name": "DSA-3510",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3510"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "SUSE-SU-2016:0777",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "USN-2934-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2934-1"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1954",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:0894",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
                },
                {
                  "name": "http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236",
                  "refsource": "CONFIRM",
                  "url": "http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243178",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243178"
                },
                {
                  "name": "SUSE-SU-2016:0820",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "SUSE-SU-2016:0727",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-17.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-17.html"
                },
                {
                  "name": "openSUSE-SU-2016:0876",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "DSA-3520",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3520"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "SUSE-SU-2016:0909",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
                },
                {
                  "name": "DSA-3510",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3510"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "SUSE-SU-2016:0777",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "USN-2934-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2934-1"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1954",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1953 (GCVE-0-2016-1953)

    Vulnerability from nvd – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.mozilla.org/show_bug.cgi?id=1243583 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1234425 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1236519 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1248794 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1238935 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1225618 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1245866 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1224363 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1224361 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1243555 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1207958 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1241731 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1247236 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1238558 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    https://bugzilla.mozilla.org/show_bug.cgi?id=1224369 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1205163 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.mozilla.org/show_bug.cgi?id=1199171 x_refsource_CONFIRM
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243583"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234425"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236519"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248794"
              },
              {
                "name": "SUSE-SU-2016:0820",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238935"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225618"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "SUSE-SU-2016:0727",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245866"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224363"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224361"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243555"
              },
              {
                "name": "SUSE-SU-2016:0909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241731"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247236"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238558"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "SUSE-SU-2016:0777",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224369"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205163"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T15:57:02.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243583"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234425"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236519"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248794"
            },
            {
              "name": "SUSE-SU-2016:0820",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238935"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225618"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "SUSE-SU-2016:0727",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245866"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224363"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224361"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243555"
            },
            {
              "name": "SUSE-SU-2016:0909",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241731"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247236"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238558"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "SUSE-SU-2016:0777",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224369"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205163"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243583",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243583"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234425",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234425"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236519",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236519"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248794",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248794"
                },
                {
                  "name": "SUSE-SU-2016:0820",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238935",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238935"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225618",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225618"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "SUSE-SU-2016:0727",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245866",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245866"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224363",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224363"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224361",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224361"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243555",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243555"
                },
                {
                  "name": "SUSE-SU-2016:0909",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207958",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207958"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241731",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241731"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247236",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247236"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238558",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238558"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "SUSE-SU-2016:0777",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224369",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224369"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205163",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205163"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199171",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1953",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1952 (GCVE-0-2016-1952)

    Vulnerability from nvd – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1241217 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1244250 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1234578 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1249685 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.mozilla.org/show_bug.cgi?id=1123661 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1244995 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1221872 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3510 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    https://bugzilla.mozilla.org/show_bug.cgi?id=1224979 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2934-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.mozilla.org/show_bug.cgi?id=1242279 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.312Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:0894",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241217"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244250"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234578"
              },
              {
                "name": "SUSE-SU-2016:0820",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "SUSE-SU-2016:0727",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249685"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
              },
              {
                "name": "openSUSE-SU-2016:0876",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1123661"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244995"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221872"
              },
              {
                "name": "SUSE-SU-2016:0909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
              },
              {
                "name": "DSA-3510",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3510"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "SUSE-SU-2016:0777",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224979"
              },
              {
                "name": "USN-2934-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2934-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242279"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T16:57:01.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:0894",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241217"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244250"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234578"
            },
            {
              "name": "SUSE-SU-2016:0820",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "SUSE-SU-2016:0727",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249685"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
            },
            {
              "name": "openSUSE-SU-2016:0876",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1123661"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244995"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221872"
            },
            {
              "name": "SUSE-SU-2016:0909",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
            },
            {
              "name": "DSA-3510",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3510"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "SUSE-SU-2016:0777",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224979"
            },
            {
              "name": "USN-2934-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2934-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242279"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:0894",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241217",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241217"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244250",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244250"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234578",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234578"
                },
                {
                  "name": "SUSE-SU-2016:0820",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "SUSE-SU-2016:0727",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249685",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249685"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
                },
                {
                  "name": "openSUSE-SU-2016:0876",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1123661",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1123661"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244995",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1244995"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221872",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221872"
                },
                {
                  "name": "SUSE-SU-2016:0909",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
                },
                {
                  "name": "DSA-3510",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3510"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "SUSE-SU-2016:0777",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224979",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224979"
                },
                {
                  "name": "USN-2934-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2934-1"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242279",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1242279"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1952",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13730 (GCVE-0-2019-13730)

    Vulnerability from cvelistv5 – Published: 2019-12-10 21:01 – Updated: 2024-08-05 00:05
    VLAI
    Summary
    Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
    Severity
    No CVSS data available.
    CWE
    • Type Confusion
    Assigner
    References
    URL Tags
    https://chromereleases.googleblog.com/2019/12/sta… x_refsource_MISC
    https://crbug.com/1028862 x_refsource_MISC
    https://access.redhat.com/errata/RHSA-2019:4238 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://seclists.org/bugtraq/2020/Jan/27 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2020/dsa-4606 vendor-advisoryx_refsource_DEBIAN
    https://security.gentoo.org/glsa/202003-08 vendor-advisoryx_refsource_GENTOO
    Impacted products
    Vendor Product Version
    Google Chrome Affected: unspecified , < 79.0.3945.79 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:05:43.749Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://crbug.com/1028862"
              },
              {
                "name": "RHSA-2019:4238",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4238"
              },
              {
                "name": "openSUSE-SU-2019:2692",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html"
              },
              {
                "name": "FEDORA-2019-1a10c04281",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/"
              },
              {
                "name": "openSUSE-SU-2019:2694",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
              },
              {
                "name": "FEDORA-2020-4355ea258e",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
              },
              {
                "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Jan/27"
              },
              {
                "name": "DSA-4606",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4606"
              },
              {
                "name": "GLSA-202003-08",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202003-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "79.0.3945.79",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Type Confusion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-13T04:06:10.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://crbug.com/1028862"
            },
            {
              "name": "RHSA-2019:4238",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4238"
            },
            {
              "name": "openSUSE-SU-2019:2692",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html"
            },
            {
              "name": "FEDORA-2019-1a10c04281",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/"
            },
            {
              "name": "openSUSE-SU-2019:2694",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
            },
            {
              "name": "FEDORA-2020-4355ea258e",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
            },
            {
              "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Jan/27"
            },
            {
              "name": "DSA-4606",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4606"
            },
            {
              "name": "GLSA-202003-08",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202003-08"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "chrome-cve-admin@google.com",
              "ID": "CVE-2019-13730",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Chrome",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "79.0.3945.79"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Google"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Type Confusion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html",
                  "refsource": "MISC",
                  "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
                },
                {
                  "name": "https://crbug.com/1028862",
                  "refsource": "MISC",
                  "url": "https://crbug.com/1028862"
                },
                {
                  "name": "RHSA-2019:4238",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4238"
                },
                {
                  "name": "openSUSE-SU-2019:2692",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html"
                },
                {
                  "name": "FEDORA-2019-1a10c04281",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/"
                },
                {
                  "name": "openSUSE-SU-2019:2694",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
                },
                {
                  "name": "FEDORA-2020-4355ea258e",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/"
                },
                {
                  "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Jan/27"
                },
                {
                  "name": "DSA-4606",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4606"
                },
                {
                  "name": "GLSA-202003-08",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202003-08"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2019-13730",
        "datePublished": "2019-12-10T21:01:44.000Z",
        "dateReserved": "2019-07-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:05:43.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9811 (GCVE-0-2019-9811)

    Vulnerability from cvelistv5 – Published: 2019-07-23 13:26 – Updated: 2024-08-04 22:01
    VLAI
    Summary
    As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
    Severity
    No CVSS data available.
    CWE
    • Sandbox escape via installation of malicious language pack
    Assigner
    Impacted products
    Vendor Product Version
    Mozilla Firefox ESR Affected: unspecified , < 60.8 (custom)
    Create a notification for this product.
    Mozilla Firefox Affected: unspecified , < 68 (custom)
    Create a notification for this product.
    Mozilla Thunderbird Affected: unspecified , < 60.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:01:54.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
              },
              {
                "name": "openSUSE-SU-2019:1811",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
              },
              {
                "name": "openSUSE-SU-2019:1813",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
              },
              {
                "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
              },
              {
                "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
              },
              {
                "name": "GLSA-201908-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-12"
              },
              {
                "name": "GLSA-201908-20",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-20"
              },
              {
                "name": "openSUSE-SU-2019:1990",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
              },
              {
                "name": "openSUSE-SU-2019:2251",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
              },
              {
                "name": "openSUSE-SU-2019:2260",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Firefox ESR",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "60.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Firefox",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "68",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Thunderbird",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "60.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Sandbox escape via installation of malicious language pack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-06T14:06:25.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
            },
            {
              "name": "openSUSE-SU-2019:1811",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
            },
            {
              "name": "openSUSE-SU-2019:1813",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
            },
            {
              "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
            },
            {
              "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
            },
            {
              "name": "GLSA-201908-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-12"
            },
            {
              "name": "GLSA-201908-20",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-20"
            },
            {
              "name": "openSUSE-SU-2019:1990",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2019:2251",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
            },
            {
              "name": "openSUSE-SU-2019:2260",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2019-9811",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Firefox ESR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "60.8"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Firefox",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "68"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Thunderbird",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "60.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Sandbox escape via installation of malicious language pack"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
                },
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
                },
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007",
                  "refsource": "MISC",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538007"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598",
                  "refsource": "MISC",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539598"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327",
                  "refsource": "MISC",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1563327"
                },
                {
                  "name": "openSUSE-SU-2019:1811",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
                },
                {
                  "name": "openSUSE-SU-2019:1813",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
                },
                {
                  "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
                },
                {
                  "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
                },
                {
                  "name": "GLSA-201908-12",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-12"
                },
                {
                  "name": "GLSA-201908-20",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-20"
                },
                {
                  "name": "openSUSE-SU-2019:1990",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
                },
                {
                  "name": "openSUSE-SU-2019:2251",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"
                },
                {
                  "name": "openSUSE-SU-2019:2260",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2019-9811",
        "datePublished": "2019-07-23T13:26:03.000Z",
        "dateReserved": "2019-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:01:54.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11717 (GCVE-0-2019-11717)

    Vulnerability from cvelistv5 – Published: 2019-07-23 13:18 – Updated: 2024-08-04 23:03
    VLAI
    Summary
    A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
    Severity
    No CVSS data available.
    CWE
    • Caret character improperly escaped in origins
    Assigner
    Impacted products
    Vendor Product Version
    Mozilla Firefox ESR Affected: unspecified , < 60.8 (custom)
    Create a notification for this product.
    Mozilla Firefox Affected: unspecified , < 68 (custom)
    Create a notification for this product.
    Mozilla Thunderbird Affected: unspecified , < 60.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:03:32.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306"
              },
              {
                "name": "openSUSE-SU-2019:1811",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
              },
              {
                "name": "openSUSE-SU-2019:1813",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
              },
              {
                "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
              },
              {
                "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
              },
              {
                "name": "GLSA-201908-12",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-12"
              },
              {
                "name": "GLSA-201908-20",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-20"
              },
              {
                "name": "openSUSE-SU-2019:1990",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
              },
              {
                "name": "openSUSE-SU-2019:2248",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
              },
              {
                "name": "openSUSE-SU-2019:2249",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Firefox ESR",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "60.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Firefox",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "68",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Thunderbird",
              "vendor": "Mozilla",
              "versions": [
                {
                  "lessThan": "60.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Caret character improperly escaped in origins",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-04T17:06:46.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306"
            },
            {
              "name": "openSUSE-SU-2019:1811",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
            },
            {
              "name": "openSUSE-SU-2019:1813",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
            },
            {
              "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
            },
            {
              "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
            },
            {
              "name": "GLSA-201908-12",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-12"
            },
            {
              "name": "GLSA-201908-20",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-20"
            },
            {
              "name": "openSUSE-SU-2019:1990",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2019:2248",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2019:2249",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2019-11717",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Firefox ESR",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "60.8"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Firefox",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "68"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Thunderbird",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "60.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mozilla"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR \u003c 60.8, Firefox \u003c 68, and Thunderbird \u003c 60.8."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Caret character improperly escaped in origins"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-21/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"
                },
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-22/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"
                },
                {
                  "name": "https://www.mozilla.org/security/advisories/mfsa2019-23/",
                  "refsource": "MISC",
                  "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306",
                  "refsource": "MISC",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1548306"
                },
                {
                  "name": "openSUSE-SU-2019:1811",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"
                },
                {
                  "name": "openSUSE-SU-2019:1813",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"
                },
                {
                  "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"
                },
                {
                  "name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"
                },
                {
                  "name": "GLSA-201908-12",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-12"
                },
                {
                  "name": "GLSA-201908-20",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-20"
                },
                {
                  "name": "openSUSE-SU-2019:1990",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"
                },
                {
                  "name": "openSUSE-SU-2019:2248",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"
                },
                {
                  "name": "openSUSE-SU-2019:2249",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2019-11717",
        "datePublished": "2019-07-23T13:18:07.000Z",
        "dateReserved": "2019-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:03:32.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11338 (GCVE-0-2019-11338)

    Vulnerability from cvelistv5 – Published: 2019-04-18 23:52 – Updated: 2024-08-04 22:48
    VLAI
    Summary
    libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/FFmpeg/FFmpeg/commit/54655623a… x_refsource_MISC
    http://www.securityfocus.com/bid/108034 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3967-1/ vendor-advisoryx_refsource_UBUNTU
    https://seclists.org/bugtraq/2019/May/60 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2019/dsa-4449 vendor-advisoryx_refsource_DEBIAN
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://usn.ubuntu.com/4431-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/FFmpeg/FFmpeg/commit/9ccc63306… x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.222Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e"
              },
              {
                "name": "108034",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108034"
              },
              {
                "name": "USN-3967-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3967-1/"
              },
              {
                "name": "20190523 [SECURITY] [DSA 4449-1] ffmpeg security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/60"
              },
              {
                "name": "DSA-4449",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4449"
              },
              {
                "name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html"
              },
              {
                "name": "openSUSE-SU-2020:0024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
              },
              {
                "name": "USN-4431-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4431-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-04T18:07:38.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e"
            },
            {
              "name": "108034",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108034"
            },
            {
              "name": "USN-3967-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3967-1/"
            },
            {
              "name": "20190523 [SECURITY] [DSA 4449-1] ffmpeg security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/60"
            },
            {
              "name": "DSA-4449",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4449"
            },
            {
              "name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html"
            },
            {
              "name": "openSUSE-SU-2020:0024",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
            },
            {
              "name": "USN-4431-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4431-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-11338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e",
                  "refsource": "MISC",
                  "url": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e"
                },
                {
                  "name": "108034",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108034"
                },
                {
                  "name": "USN-3967-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3967-1/"
                },
                {
                  "name": "20190523 [SECURITY] [DSA 4449-1] ffmpeg security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/60"
                },
                {
                  "name": "DSA-4449",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4449"
                },
                {
                  "name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html"
                },
                {
                  "name": "openSUSE-SU-2020:0024",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"
                },
                {
                  "name": "USN-4431-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4431-1/"
                },
                {
                  "name": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b",
                  "refsource": "MISC",
                  "url": "https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11338",
        "datePublished": "2019-04-18T23:52:00.000Z",
        "dateReserved": "2019-04-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:48:09.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8932 (GCVE-0-2017-8932)

    Vulnerability from cvelistv5 – Published: 2017-07-06 16:00 – Updated: 2024-08-05 16:48
    VLAI
    Summary
    A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2017-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:48:22.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[golang-announce] 20170523  [security] Go 1.7.6 and Go 1.8.2 are released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c"
              },
              {
                "name": "RHSA-2017:1859",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:1859"
              },
              {
                "name": "openSUSE-SU-2017:1650",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html"
              },
              {
                "name": "openSUSE-SU-2017:1649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/20040"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://go-review.googlesource.com/c/41070/"
              },
              {
                "name": "FEDORA-2017-278f46fcd6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[golang-announce] 20170523  [security] Go 1.7.6 and Go 1.8.2 are released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c"
            },
            {
              "name": "RHSA-2017:1859",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:1859"
            },
            {
              "name": "openSUSE-SU-2017:1650",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html"
            },
            {
              "name": "openSUSE-SU-2017:1649",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/golang/go/issues/20040"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://go-review.googlesource.com/c/41070/"
            },
            {
              "name": "FEDORA-2017-278f46fcd6",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-8932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[golang-announce] 20170523  [security] Go 1.7.6 and Go 1.8.2 are released",
                  "refsource": "MLIST",
                  "url": "https://groups.google.com/d/msg/golang-announce/B5ww0iFt1_Q/TgUFJV14BgAJ"
                },
                {
                  "name": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/golang/go/commit/9294fa2749ffee7edbbb817a0ef9fe633136fa9c"
                },
                {
                  "name": "RHSA-2017:1859",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:1859"
                },
                {
                  "name": "openSUSE-SU-2017:1650",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00080.html"
                },
                {
                  "name": "openSUSE-SU-2017:1649",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2017-06/msg00079.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455191"
                },
                {
                  "name": "https://github.com/golang/go/issues/20040",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/golang/go/issues/20040"
                },
                {
                  "name": "https://go-review.googlesource.com/c/41070/",
                  "refsource": "CONFIRM",
                  "url": "https://go-review.googlesource.com/c/41070/"
                },
                {
                  "name": "FEDORA-2017-278f46fcd6",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZH4T47ROLZ6YEZBDVXVS2KISTDMXAPS/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-8932",
        "datePublished": "2017-07-06T16:00:00.000Z",
        "dateReserved": "2017-05-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:48:22.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4303 (GCVE-0-2016-4303)

    Vulnerability from cvelistv5 – Published: 2016-09-26 14:00 – Updated: 2024-08-06 00:25
    VLAI
    Summary
    The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:25:14.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.talosintelligence.com/reports/TALOS-2016-0164/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.talosintel.com/2016/06/esnet-vulnerability.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a"
              },
              {
                "name": "openSUSE-SU-2016:2113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html"
              },
              {
                "name": "openSUSE-SU-2016:2121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html"
              },
              {
                "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2080-1] iperf3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-27T23:06:04.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0164/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.talosintel.com/2016/06/esnet-vulnerability.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a"
            },
            {
              "name": "openSUSE-SU-2016:2113",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html"
            },
            {
              "name": "openSUSE-SU-2016:2121",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html"
            },
            {
              "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2080-1] iperf3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-4303",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.talosintelligence.com/reports/TALOS-2016-0164/",
                  "refsource": "MISC",
                  "url": "http://www.talosintelligence.com/reports/TALOS-2016-0164/"
                },
                {
                  "name": "http://blog.talosintel.com/2016/06/esnet-vulnerability.html",
                  "refsource": "MISC",
                  "url": "http://blog.talosintel.com/2016/06/esnet-vulnerability.html"
                },
                {
                  "name": "http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released",
                  "refsource": "CONFIRM",
                  "url": "http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released"
                },
                {
                  "name": "https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc",
                  "refsource": "CONFIRM",
                  "url": "https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc"
                },
                {
                  "name": "https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a"
                },
                {
                  "name": "openSUSE-SU-2016:2113",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html"
                },
                {
                  "name": "openSUSE-SU-2016:2121",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html"
                },
                {
                  "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2080-1] iperf3 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-4303",
        "datePublished": "2016-09-26T14:00:00.000Z",
        "dateReserved": "2016-04-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:25:14.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1704 (GCVE-0-2016-1704)

    Vulnerability from cvelistv5 – Published: 2016-07-03 21:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2016:1262 vendor-advisoryx_refsource_REDHAT
    http://googlechromereleases.blogspot.com/2016/06/… x_refsource_CONFIRM
    https://crbug.com/620742 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://crbug.com/613915 x_refsource_CONFIRM
    https://crbug.com/613698 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-3015-1 vendor-advisoryx_refsource_UBUNTU
    https://crbug.com/610799 x_refsource_CONFIRM
    http://www.debian.org/security/2016/dsa-3637 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2016-06-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:12.838Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:1262",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1262"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/620742"
              },
              {
                "name": "openSUSE-SU-2016:1626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html"
              },
              {
                "name": "openSUSE-SU-2016:1624",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html"
              },
              {
                "name": "openSUSE-SU-2016:1655",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
              },
              {
                "name": "openSUSE-SU-2016:1623",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/613915"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/613698"
              },
              {
                "name": "USN-3015-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3015-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/610799"
              },
              {
                "name": "DSA-3637",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3637"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "RHSA-2016:1262",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1262"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/620742"
            },
            {
              "name": "openSUSE-SU-2016:1626",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html"
            },
            {
              "name": "openSUSE-SU-2016:1624",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html"
            },
            {
              "name": "openSUSE-SU-2016:1655",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
            },
            {
              "name": "openSUSE-SU-2016:1623",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/613915"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/613698"
            },
            {
              "name": "USN-3015-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3015-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/610799"
            },
            {
              "name": "DSA-3637",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3637"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2016-1704",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2016:1262",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1262"
                },
                {
                  "name": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html",
                  "refsource": "CONFIRM",
                  "url": "http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html"
                },
                {
                  "name": "https://crbug.com/620742",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/620742"
                },
                {
                  "name": "openSUSE-SU-2016:1626",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00039.html"
                },
                {
                  "name": "openSUSE-SU-2016:1624",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00037.html"
                },
                {
                  "name": "openSUSE-SU-2016:1655",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html"
                },
                {
                  "name": "openSUSE-SU-2016:1623",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00036.html"
                },
                {
                  "name": "https://crbug.com/613915",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/613915"
                },
                {
                  "name": "https://crbug.com/613698",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/613698"
                },
                {
                  "name": "USN-3015-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3015-1"
                },
                {
                  "name": "https://crbug.com/610799",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/610799"
                },
                {
                  "name": "DSA-3637",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3637"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2016-1704",
        "datePublished": "2016-07-03T21:00:00.000Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:12.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2818 (GCVE-0-2016-2818)

    Vulnerability from cvelistv5 – Published: 2016-06-13 10:00 – Updated: 2024-08-05 23:32
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036057 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2016/dsa-3647 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.mozilla.org/show_bug.cgi?id=1234147 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1265577 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2016:1217 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1256739 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1261752 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1269729 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1256968 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1264575 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1267130 x_refsource_CONFIRM
    https://access.redhat.com/errata/RHSA-2016:1392 vendor-advisoryx_refsource_REDHAT
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1261230 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1273202 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1256493 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1263384 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-3023-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.mozilla.org/show_bug.cgi?id=1273701 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2993-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/91075 vdb-entryx_refsource_BID
    http://www.debian.org/security/2016/dsa-3600 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2016-06-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:32:21.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036057",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036057"
              },
              {
                "name": "DSA-3647",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3647"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234147"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1265577"
              },
              {
                "name": "RHSA-2016:1217",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1217"
              },
              {
                "name": "openSUSE-SU-2016:1557",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256739"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261752"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1269729"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256968"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264575"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1267130"
              },
              {
                "name": "RHSA-2016:1392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1392"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261230"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273202"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256493"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1263384"
              },
              {
                "name": "openSUSE-SU-2016:1552",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
              },
              {
                "name": "USN-3023-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3023-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273701"
              },
              {
                "name": "USN-2993-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2993-1"
              },
              {
                "name": "SUSE-SU-2016:1691",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
              },
              {
                "name": "91075",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91075"
              },
              {
                "name": "DSA-3600",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3600"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-25T20:57:01.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "name": "1036057",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036057"
            },
            {
              "name": "DSA-3647",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3647"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234147"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1265577"
            },
            {
              "name": "RHSA-2016:1217",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1217"
            },
            {
              "name": "openSUSE-SU-2016:1557",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256739"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261752"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1269729"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256968"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264575"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1267130"
            },
            {
              "name": "RHSA-2016:1392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1392"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261230"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273202"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256493"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1263384"
            },
            {
              "name": "openSUSE-SU-2016:1552",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
            },
            {
              "name": "USN-3023-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3023-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273701"
            },
            {
              "name": "USN-2993-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2993-1"
            },
            {
              "name": "SUSE-SU-2016:1691",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
            },
            {
              "name": "91075",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91075"
            },
            {
              "name": "DSA-3600",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3600"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-2818",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1036057",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1036057"
                },
                {
                  "name": "DSA-3647",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3647"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234147",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234147"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1265577",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1265577"
                },
                {
                  "name": "RHSA-2016:1217",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1217"
                },
                {
                  "name": "openSUSE-SU-2016:1557",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256739",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256739"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261752",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261752"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1269729",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1269729"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256968",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256968"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264575",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1264575"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1267130",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1267130"
                },
                {
                  "name": "RHSA-2016:1392",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1392"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-49.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261230",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1261230"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273202",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273202"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256493",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1256493"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1263384",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1263384"
                },
                {
                  "name": "openSUSE-SU-2016:1552",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
                },
                {
                  "name": "USN-3023-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-3023-1"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273701",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273701"
                },
                {
                  "name": "USN-2993-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2993-1"
                },
                {
                  "name": "SUSE-SU-2016:1691",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
                },
                {
                  "name": "91075",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91075"
                },
                {
                  "name": "DSA-3600",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3600"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-2818",
        "datePublished": "2016-06-13T10:00:00.000Z",
        "dateReserved": "2016-03-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:32:21.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1657 (GCVE-0-2016-1657)

    Vulnerability from cvelistv5 – Published: 2016-04-18 10:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://crbug.com/567445 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-0638.html vendor-advisoryx_refsource_REDHAT
    https://codereview.chromium.org/1678233003/ x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3549 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://googlechromereleases.blogspot.com/2016/04/… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201605-02 vendor-advisoryx_refsource_GENTOO
    Date Public
    2016-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:12.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/567445"
              },
              {
                "name": "openSUSE-SU-2016:1136",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
              },
              {
                "name": "openSUSE-SU-2016:1135",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
              },
              {
                "name": "RHSA-2016:0638",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.chromium.org/1678233003/"
              },
              {
                "name": "SUSE-SU-2016:1060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
              },
              {
                "name": "DSA-3549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3549"
              },
              {
                "name": "openSUSE-SU-2016:1061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
              },
              {
                "name": "GLSA-201605-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-30T18:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/567445"
            },
            {
              "name": "openSUSE-SU-2016:1136",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
            },
            {
              "name": "openSUSE-SU-2016:1135",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
            },
            {
              "name": "RHSA-2016:0638",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.chromium.org/1678233003/"
            },
            {
              "name": "SUSE-SU-2016:1060",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
            },
            {
              "name": "DSA-3549",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3549"
            },
            {
              "name": "openSUSE-SU-2016:1061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
            },
            {
              "name": "GLSA-201605-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2016-1657",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://crbug.com/567445",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/567445"
                },
                {
                  "name": "openSUSE-SU-2016:1136",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
                },
                {
                  "name": "openSUSE-SU-2016:1135",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
                },
                {
                  "name": "RHSA-2016:0638",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
                },
                {
                  "name": "https://codereview.chromium.org/1678233003/",
                  "refsource": "CONFIRM",
                  "url": "https://codereview.chromium.org/1678233003/"
                },
                {
                  "name": "SUSE-SU-2016:1060",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
                },
                {
                  "name": "DSA-3549",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3549"
                },
                {
                  "name": "openSUSE-SU-2016:1061",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
                },
                {
                  "name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html",
                  "refsource": "CONFIRM",
                  "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
                },
                {
                  "name": "GLSA-201605-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2016-1657",
        "datePublished": "2016-04-18T10:00:00.000Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:12.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1658 (GCVE-0-2016-1658)

    Vulnerability from cvelistv5 – Published: 2016-04-18 10:00 – Updated: 2024-08-05 23:02
    VLAI
    Summary
    The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://codereview.chromium.org/1658913002 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://rhn.redhat.com/errata/RHSA-2016-0638.html vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3549 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://googlechromereleases.blogspot.com/2016/04/… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201605-02 vendor-advisoryx_refsource_GENTOO
    https://crbug.com/573317 x_refsource_CONFIRM
    Date Public
    2016-04-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:02:12.825Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:1136",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://codereview.chromium.org/1658913002"
              },
              {
                "name": "openSUSE-SU-2016:1135",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
              },
              {
                "name": "RHSA-2016:0638",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
              },
              {
                "name": "SUSE-SU-2016:1060",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
              },
              {
                "name": "DSA-3549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3549"
              },
              {
                "name": "openSUSE-SU-2016:1061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
              },
              {
                "name": "GLSA-201605-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://crbug.com/573317"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-11-30T18:57:01.000Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:1136",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://codereview.chromium.org/1658913002"
            },
            {
              "name": "openSUSE-SU-2016:1135",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
            },
            {
              "name": "RHSA-2016:0638",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
            },
            {
              "name": "SUSE-SU-2016:1060",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
            },
            {
              "name": "DSA-3549",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3549"
            },
            {
              "name": "openSUSE-SU-2016:1061",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
            },
            {
              "name": "GLSA-201605-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://crbug.com/573317"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@google.com",
              "ID": "CVE-2016-1658",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:1136",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html"
                },
                {
                  "name": "https://codereview.chromium.org/1658913002",
                  "refsource": "CONFIRM",
                  "url": "https://codereview.chromium.org/1658913002"
                },
                {
                  "name": "openSUSE-SU-2016:1135",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html"
                },
                {
                  "name": "RHSA-2016:0638",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-0638.html"
                },
                {
                  "name": "SUSE-SU-2016:1060",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html"
                },
                {
                  "name": "DSA-3549",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3549"
                },
                {
                  "name": "openSUSE-SU-2016:1061",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html"
                },
                {
                  "name": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html",
                  "refsource": "CONFIRM",
                  "url": "http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html"
                },
                {
                  "name": "GLSA-201605-02",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-02"
                },
                {
                  "name": "https://crbug.com/573317",
                  "refsource": "CONFIRM",
                  "url": "https://crbug.com/573317"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2016-1658",
        "datePublished": "2016-04-18T10:00:00.000Z",
        "dateReserved": "2016-01-12T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:02:12.825Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1953 (GCVE-0-2016-1953)

    Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.mozilla.org/show_bug.cgi?id=1243583 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1234425 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1236519 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1248794 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1238935 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1225618 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1245866 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1224363 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1224361 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1243555 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1207958 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1241731 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1247236 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1238558 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    https://bugzilla.mozilla.org/show_bug.cgi?id=1224369 x_refsource_CONFIRM
    https://bugzilla.mozilla.org/show_bug.cgi?id=1205163 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.mozilla.org/show_bug.cgi?id=1199171 x_refsource_CONFIRM
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243583"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234425"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236519"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248794"
              },
              {
                "name": "SUSE-SU-2016:0820",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238935"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225618"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "SUSE-SU-2016:0727",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245866"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224363"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224361"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243555"
              },
              {
                "name": "SUSE-SU-2016:0909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207958"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241731"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247236"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238558"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "SUSE-SU-2016:0777",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224369"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205163"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T15:57:02.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243583"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234425"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236519"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248794"
            },
            {
              "name": "SUSE-SU-2016:0820",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238935"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225618"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "SUSE-SU-2016:0727",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245866"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224363"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224361"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243555"
            },
            {
              "name": "SUSE-SU-2016:0909",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207958"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241731"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247236"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238558"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "SUSE-SU-2016:0777",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224369"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205163"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1953",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243583",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243583"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234425",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234425"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236519",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1236519"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248794",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248794"
                },
                {
                  "name": "SUSE-SU-2016:0820",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238935",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238935"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225618",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1225618"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "SUSE-SU-2016:0727",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245866",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245866"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224363",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224363"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224361",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224361"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243555",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243555"
                },
                {
                  "name": "SUSE-SU-2016:0909",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207958",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1207958"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241731",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241731"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247236",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1247236"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238558",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1238558"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "SUSE-SU-2016:0777",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224369",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1224369"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205163",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1205163"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199171",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1953",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1957 (GCVE-0-2016-1957)

    Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://www.debian.org/security/2016/dsa-3520 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1227052 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2016/dsa-3510 vendor-advisoryx_refsource_DEBIAN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2934-1 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:0894",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
              },
              {
                "name": "SUSE-SU-2016:0820",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "SUSE-SU-2016:0727",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html"
              },
              {
                "name": "openSUSE-SU-2016:0876",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "DSA-3520",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3520"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052"
              },
              {
                "name": "SUSE-SU-2016:0909",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
              },
              {
                "name": "DSA-3510",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3510"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "SUSE-SU-2016:0777",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "name": "USN-2934-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2934-1"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T16:57:01.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:0894",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
            },
            {
              "name": "SUSE-SU-2016:0820",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "SUSE-SU-2016:0727",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html"
            },
            {
              "name": "openSUSE-SU-2016:0876",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "DSA-3520",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3520"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052"
            },
            {
              "name": "SUSE-SU-2016:0909",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
            },
            {
              "name": "DSA-3510",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3510"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "SUSE-SU-2016:0777",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "USN-2934-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2934-1"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:0894",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
                },
                {
                  "name": "SUSE-SU-2016:0820",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "SUSE-SU-2016:0727",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-20.html"
                },
                {
                  "name": "openSUSE-SU-2016:0876",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "DSA-3520",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3520"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1227052"
                },
                {
                  "name": "SUSE-SU-2016:0909",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
                },
                {
                  "name": "DSA-3510",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2016/dsa-3510"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "SUSE-SU-2016:0777",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "USN-2934-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2934-1"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1957",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1956 (GCVE-0-2016-1956)

    Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.mozilla.org/show_bug.cgi?id=1199923 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199923"
              },
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-19.html"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T15:57:02.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199923"
            },
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-19.html"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1956",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199923",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1199923"
                },
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-19.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-19.html"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1956",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1955 (GCVE-0-2016-1955)

    Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:10
    VLAI
    Summary
    Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.mozilla.org/show_bug.cgi?id=1208946 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2917-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mozilla.org/security/announce/2016/mfs… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securitytracker.com/id/1035215 vdb-entryx_refsource_SECTRACK
    https://security.gentoo.org/glsa/201605-06 vendor-advisoryx_refsource_GENTOO
    http://www.ubuntu.com/usn/USN-2917-2 vendor-advisoryx_refsource_UBUNTU
    http://www.ubuntu.com/usn/USN-2917-3 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2016-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:10:40.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:1767",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
              },
              {
                "name": "openSUSE-SU-2016:0731",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
              },
              {
                "name": "openSUSE-SU-2016:1778",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208946"
              },
              {
                "name": "USN-2917-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-1"
              },
              {
                "name": "openSUSE-SU-2016:1769",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-18.html"
              },
              {
                "name": "openSUSE-SU-2016:0733",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
              },
              {
                "name": "1035215",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035215"
              },
              {
                "name": "GLSA-201605-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201605-06"
              },
              {
                "name": "USN-2917-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-2"
              },
              {
                "name": "USN-2917-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2917-3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-01T15:57:02.000Z",
            "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
            "shortName": "mozilla"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:1767",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
            },
            {
              "name": "openSUSE-SU-2016:0731",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
            },
            {
              "name": "openSUSE-SU-2016:1778",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208946"
            },
            {
              "name": "USN-2917-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-1"
            },
            {
              "name": "openSUSE-SU-2016:1769",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-18.html"
            },
            {
              "name": "openSUSE-SU-2016:0733",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
            },
            {
              "name": "1035215",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035215"
            },
            {
              "name": "GLSA-201605-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201605-06"
            },
            {
              "name": "USN-2917-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-2"
            },
            {
              "name": "USN-2917-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2917-3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@mozilla.org",
              "ID": "CVE-2016-1955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:1767",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
                },
                {
                  "name": "openSUSE-SU-2016:0731",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
                },
                {
                  "name": "openSUSE-SU-2016:1778",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208946",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1208946"
                },
                {
                  "name": "USN-2917-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-1"
                },
                {
                  "name": "openSUSE-SU-2016:1769",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
                },
                {
                  "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-18.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-18.html"
                },
                {
                  "name": "openSUSE-SU-2016:0733",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
                },
                {
                  "name": "1035215",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035215"
                },
                {
                  "name": "GLSA-201605-06",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201605-06"
                },
                {
                  "name": "USN-2917-2",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-2"
                },
                {
                  "name": "USN-2917-3",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2917-3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "assignerShortName": "mozilla",
        "cveId": "CVE-2016-1955",
        "datePublished": "2016-03-13T18:00:00.000Z",
        "dateReserved": "2016-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:10:40.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }