Lucene search

[email protected]CVE-2016-9067

HistoryJun 11, 2018 - 9:29 p.m.

CVE-2016-9067

2018-06-1121:29:00

CWE-416

[email protected]

web.nvd.nist.gov

cve

2016

9067

use-after-free

dom

operations

exploitable

crashes

firefox

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.5%

JSON

Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::

References

www.securityfocus.com/bid/94337

www.securitytracker.com/id/1037298

bugzilla.mozilla.org/show_bug.cgi?id=1301777

bugzilla.mozilla.org/show_bug.cgi?id=1308922

www.mozilla.org/security/advisories/mfsa2016-89/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2016-9067

ubuntucve1 prion1 debiancve1 redhatcve2 archlinux1 ubuntu1 openvas5 nessus7 suse2 kaspersky1 freebsd1 mozilla1 mageia1