Lucene search

Mozilla FoundationMFSA2016-37

HistoryMar 08, 2016 - 12:00 a.m.

Font vulnerabilities in the Graphite 2 library — Mozilla

2016-03-0800:00:00

Mozilla Foundation

www.mozilla.org

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.069 Low

EPSS

Percentile

93.9%

JSON

Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5.

Affected configurations

Vulners

Node

mozillafirefoxRange<45

mozillafirefox_esrRange<38.7

mozillathunderbirdRange<38.7

mozillathunderbirdRange<45

CPENameOperatorVersion
firefoxlt45
firefox esrlt38.7
thunderbirdlt38.7
thunderbirdlt45

Name	Operator	Version
firefox	lt	45
firefox esr	lt	38.7
thunderbird	lt	38.7
thunderbird	lt	45

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

bugzilla.mozilla.org/show_bug.cgi?id=1243464

bugzilla.mozilla.org/show_bug.cgi?id=1243473

bugzilla.mozilla.org/show_bug.cgi?id=1243482

bugzilla.mozilla.org/show_bug.cgi?id=1243513

bugzilla.mozilla.org/show_bug.cgi?id=1243526

bugzilla.mozilla.org/show_bug.cgi?id=1243597

bugzilla.mozilla.org/show_bug.cgi?id=1243816

bugzilla.mozilla.org/show_bug.cgi?id=1243823

bugzilla.mozilla.org/show_bug.cgi?id=1248804

bugzilla.mozilla.org/show_bug.cgi?id=1248805

bugzilla.mozilla.org/show_bug.cgi?id=1248876

bugzilla.mozilla.org/show_bug.cgi?id=1249081

bugzilla.mozilla.org/show_bug.cgi?id=1249338

bugzilla.mozilla.org/show_bug.cgi?id=1249920

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.069 Low

EPSS

Percentile

93.9%

JSON

Related for MFSA2016-37