Lucene search

[email protected]CVE-2016-1935

HistoryJan 31, 2016 - 6:59 p.m.

CVE-2016-1935

2016-01-3118:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2016-1935

buffer overflow

mozilla firefox

remote code execution

webgl

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.8%

JSON

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

CPENameOperatorVersion
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
oracle:linuxoracle linuxeq5.0
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7
mozilla:firefoxmozilla firefoxle43.0.4
mozilla:firefox_esrmozilla firefox esreq38.0
mozilla:firefox_esrmozilla firefox esreq38.1.0
mozilla:firefox_esrmozilla firefox esreq38.2.0

CPE	Name	Operator	Version
opensuse:leap	opensuse leap	eq	42.1
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
oracle:linux	oracle linux	eq	5.0
oracle:linux	oracle linux	eq	6
oracle:linux	oracle linux	eq	7
mozilla:firefox	mozilla firefox	le	43.0.4
mozilla:firefox_esr	mozilla firefox esr	eq	38.0
mozilla:firefox_esr	mozilla firefox esr	eq	38.1.0
mozilla:firefox_esr	mozilla firefox esr	eq	38.2.0