PRIOn knowledge basePRION:CVE-2016-1947Code injection
4.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 12.04 | |
| ubuntu_linux | eq | 15.10 | |
| ubuntu_linux | eq | 14.04 | |
| ubuntu_linux | eq | 15.04 | |
| firefox | eq | 43.0.2 | |
| firefox | eq | 43.0.1 | |
| firefox | eq | 43.0.4 | |
| firefox | eq | 43.0 | |
| firefox | eq | 43.0.3 | |
| leap | eq | 42.1 |
References
lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
www.mozilla.org/security/announce/2016/mfsa2016-11.html
www.securityfocus.com/bid/81949
www.securitytracker.com/id/1034825
www.ubuntu.com/usn/USN-2880-1
www.ubuntu.com/usn/USN-2880-2
bugzilla.mozilla.org/show_bug.cgi?id=1237103
security.gentoo.org/glsa/201605-06
Related
4.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
7 High
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%