Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2016-AVI-086
Vulnerability from certfr_avis - Published: 2016-03-08 - Updated: 2016-03-08
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NSS versions ant\u00e9rieures \u00e0 3.21.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 38.7",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 45",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "NSS versions ant\u00e9rieures \u00e0 3.19.2.3",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1963",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1963"
},
{
"name": "CVE-2016-1978",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1978"
},
{
"name": "CVE-2016-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2801"
},
{
"name": "CVE-2016-1964",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1964"
},
{
"name": "CVE-2016-1979",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1979"
},
{
"name": "CVE-2016-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
},
{
"name": "CVE-2016-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1960"
},
{
"name": "CVE-2016-1977",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1977"
},
{
"name": "CVE-2016-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2791"
},
{
"name": "CVE-2016-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1955"
},
{
"name": "CVE-2016-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1966"
},
{
"name": "CVE-2016-1958",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1958"
},
{
"name": "CVE-2016-1953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1953"
},
{
"name": "CVE-2016-2794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2794"
},
{
"name": "CVE-2016-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1967"
},
{
"name": "CVE-2016-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2790"
},
{
"name": "CVE-2016-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1974"
},
{
"name": "CVE-2016-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1962"
},
{
"name": "CVE-2016-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2798"
},
{
"name": "CVE-2016-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1968"
},
{
"name": "CVE-2016-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2802"
},
{
"name": "CVE-2016-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1975"
},
{
"name": "CVE-2016-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1972"
},
{
"name": "CVE-2016-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1976"
},
{
"name": "CVE-2016-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1971"
},
{
"name": "CVE-2016-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1961"
},
{
"name": "CVE-2016-2792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2792"
},
{
"name": "CVE-2016-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1973"
},
{
"name": "CVE-2016-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2796"
},
{
"name": "CVE-2016-1959",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1959"
},
{
"name": "CVE-2016-1970",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1970"
},
{
"name": "CVE-2016-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2799"
},
{
"name": "CVE-2016-1952",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1952"
},
{
"name": "CVE-2016-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1956"
},
{
"name": "CVE-2016-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2795"
},
{
"name": "CVE-2016-1957",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1957"
},
{
"name": "CVE-2016-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2797"
},
{
"name": "CVE-2016-1954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1954"
},
{
"name": "CVE-2016-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2800"
},
{
"name": "CVE-2016-2793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2793"
},
{
"name": "CVE-2016-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1965"
}
],
"initial_release_date": "2016-03-08T00:00:00",
"last_revision_date": "2016-03-08T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-086",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla Firefox\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-37 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-24 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-15 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-29 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-23 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-34 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-16 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-36 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-27 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-22 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-28 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-31 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-25 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-35 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-33 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-30 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-20 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-32 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-17 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-19 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-21 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-18 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2016-26 du 08 mars 2016",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/"
}
]
}
CVE-2016-1972 (GCVE-0-2016-1972)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1218124 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/84220 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1218124"
},
{
"name": "84220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84220"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1218124"
},
{
"name": "84220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84220"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1218124",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1218124"
},
{
"name": "84220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84220"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1972",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1973 (GCVE-0-2016-1973)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-2917-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1219339 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2917-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2917-3 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-33.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1219339"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-33.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1219339"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-33.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-33.html"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1219339",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1219339"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1973",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:49.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1974 (GCVE-0-2016-1974)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-2917-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2016/dsa-3520 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1228103 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3510 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
| http://www.ubuntu.com/usn/USN-2934-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2917-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2917-3 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-34.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1228103"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T16:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-34.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1228103"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-34.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-34.html"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1228103",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1228103"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1974",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:49.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1975 (GCVE-0-2016-1975)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1230768 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/84220 | vdb-entryx_refsource_BID |
| http://hg.mozilla.org/releases/mozilla-release/re… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768"
},
{
"name": "84220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84220"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768"
},
{
"name": "84220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84220"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1230768"
},
{
"name": "84220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84220"
},
{
"name": "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63",
"refsource": "CONFIRM",
"url": "http://hg.mozilla.org/releases/mozilla-release/rev/bafc86c12e63"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1975",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:49.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1976 (GCVE-0-2016-1976)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/84220 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1176340 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "84220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84220"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "84220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84220"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84220"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-32.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1176340"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1976",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1977 (GCVE-0-2016-1977)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/84222 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-2917-1 | vendor-advisoryx_refsource_UBUNTU |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1248876 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2927-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2016/dsa-3520 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3510 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
| http://www.debian.org/security/2016/dsa-3515 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-2934-1 | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/201701-63 | vendor-advisoryx_refsource_GENTOO |
| http://www.ubuntu.com/usn/USN-2917-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2917-3 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248876"
},
{
"name": "USN-2927-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248876"
},
{
"name": "USN-2927-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248876",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1248876"
},
{
"name": "USN-2927-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1977",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1978 (GCVE-0-2016-1978)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
| URL | Tags |
|---|---|
| https://bto.bluecoat.com/security-advisory/sa124 | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3688 | vendor-advisoryx_refsource_DEBIAN |
| http://rhn.redhat.com/errata/RHSA-2016-0684.html | vendor-advisoryx_refsource_REDHAT |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://rhn.redhat.com/errata/RHSA-2016-0685.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/84275 | vdb-entryx_refsource_BID |
| https://developer.mozilla.org/en-US/docs/Mozilla/… | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2973-1 | vendor-advisoryx_refsource_UBUNTU |
| http://rhn.redhat.com/errata/RHSA-2016-0591.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securitytracker.com/id/1035258 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/91787 | vdb-entryx_refsource_BID |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1209546 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
Date Public
2016-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "RHSA-2016:0684",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "84275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
},
{
"name": "USN-2973-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "1035258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035258"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "RHSA-2016:0684",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "84275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
},
{
"name": "USN-2973-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "1035258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035258"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa124",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "RHSA-2016:0684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "84275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84275"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"
},
{
"name": "USN-2973-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "1035258",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035258"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1978",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1979 (GCVE-0-2016-1979)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:17
VLAI
EPSS
Summary
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
23 references
| URL | Tags |
|---|---|
| https://bto.bluecoat.com/security-advisory/sa124 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/84221 | vdb-entryx_refsource_BID |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.debian.org/security/2016/dsa-3688 | vendor-advisoryx_refsource_DEBIAN |
| http://www.debian.org/security/2016/dsa-3576 | vendor-advisoryx_refsource_DEBIAN |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1185033 | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2016-0684.html | vendor-advisoryx_refsource_REDHAT |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://rhn.redhat.com/errata/RHSA-2016-0685.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://developer.mozilla.org/en-US/docs/Mozilla/… | x_refsource_MISC |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2973-1 | vendor-advisoryx_refsource_UBUNTU |
| http://rhn.redhat.com/errata/RHSA-2016-0591.html | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"name": "84221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"
},
{
"name": "RHSA-2016:0684",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-2973-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"name": "84221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3576",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"
},
{
"name": "RHSA-2016:0684",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-2973-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-1979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bto.bluecoat.com/security-advisory/sa124",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa124"
},
{
"name": "84221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84221"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "DSA-3688",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"name": "DSA-3576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3576"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"
},
{
"name": "RHSA-2016:0684",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0684.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "RHSA-2016:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0685.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes",
"refsource": "MISC",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-2973-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2973-1"
},
{
"name": "RHSA-2016:0591",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0591.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-1979",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2790 (GCVE-0-2016-2790)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:32
VLAI
EPSS
Summary
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/84222 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1243464 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-2917-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2927-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2016/dsa-3520 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3510 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
| http://www.debian.org/security/2016/dsa-3515 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-2934-1 | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/201701-63 | vendor-advisoryx_refsource_GENTOO |
| http://www.ubuntu.com/usn/USN-2917-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2917-3 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:21.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243464"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243464"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243464",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243464"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-2790",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:32:21.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2791 (GCVE-0-2016-2791)
Vulnerability from cvelistv5 – Published: 2016-03-13 18:00 – Updated: 2024-08-05 23:32
VLAI
EPSS
Summary
The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/84222 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.ubuntu.com/usn/USN-2917-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2927-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.debian.org/security/2016/dsa-3520 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3510 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.mozilla.org/security/announce/2016/mfs… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035215 | vdb-entryx_refsource_SECTRACK |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/201605-06 | vendor-advisoryx_refsource_GENTOO |
| http://www.debian.org/security/2016/dsa-3515 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-2934-1 | vendor-advisoryx_refsource_UBUNTU |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1243473 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201701-63 | vendor-advisoryx_refsource_GENTOO |
| http://www.ubuntu.com/usn/USN-2917-2 | vendor-advisoryx_refsource_UBUNTU |
| http://www.ubuntu.com/usn/USN-2917-3 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2016-03-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:21.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473"
},
{
"name": "GLSA-201701-63",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "openSUSE-SU-2016:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473"
},
{
"name": "GLSA-201701-63",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "USN-2927-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243473"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-2791",
"datePublished": "2016-03-13T18:00:00.000Z",
"dateReserved": "2016-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:32:21.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…