Lucene search

[email protected]CVE-2016-1966

HistoryMar 13, 2016 - 6:59 p.m.

CVE-2016-1966

2016-03-1318:59:15

[email protected]

web.nvd.nist.gov

cve-2016-1966

mozilla firefox

remote code execution

denial of service

npapi plugin

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.

Affected configurations

NVD

Node

oraclelinuxMatch5.0

oraclelinuxMatch6

oraclelinuxMatch7

Node

mozillafirefoxRange≤44.0.2

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

mozillafirefox_esrMatch38.1.1

mozillafirefox_esrMatch38.2.0

mozillafirefox_esrMatch38.2.1

mozillafirefox_esrMatch38.3.0

mozillafirefox_esrMatch38.4.0

mozillafirefox_esrMatch38.5.0

mozillafirefox_esrMatch38.5.1

mozillafirefox_esrMatch38.6.0

mozillafirefox_esrMatch38.6.1

mozillathunderbirdRange≤38.6.0

Node

opensuseopensuseMatch13.1

CPENameOperatorVersion
oracle:linuxoracle linuxeq5.0
oracle:linuxoracle linuxeq6
oracle:linuxoracle linuxeq7

CPE	Name	Operator	Version
oracle:linux	oracle linux	eq	5.0
oracle:linux	oracle linux	eq	6
oracle:linux	oracle linux	eq	7

References

hg.mozilla.org/releases/mozilla-release/rev/f0d2911a9a4e

lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

www.debian.org/security/2016/dsa-3510

www.debian.org/security/2016/dsa-3520

www.mozilla.org/security/announce/2016/mfsa2016-31.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securitytracker.com/id/1035215

www.ubuntu.com/usn/USN-2917-1

www.ubuntu.com/usn/USN-2917-2

www.ubuntu.com/usn/USN-2917-3

www.ubuntu.com/usn/USN-2934-1

bugzilla.mozilla.org/show_bug.cgi?id=1246054

security.gentoo.org/glsa/201605-06

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for CVE-2016-1966

mozilla1 nvd1 ubuntucve1 cvelist1 debiancve1 prion1 openvas35 redhat2 nessus31 centos2 mageia2 oraclelinux2 debian2 freebsd1 archlinux2 ubuntu4 veracode25 osv1 suse8 kaspersky1 gentoo1