The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before
45.0 and Firefox ESR 38.x before 38.7 does not verify that memory
allocation succeeds, which allows remote attackers to execute arbitrary
code or cause a denial of service (out-of-bounds read) via crafted Unicode
data in an HTML, XML, or SVG document.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 45.0+build2-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 45.0+build2-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | firefox | < 45.0+build2-0ubuntu0.15.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:38.7.2+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:38.7.2+build1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | thunderbird | < 1:38.7.2+build1-0ubuntu0.15.10.1 | UNKNOWN |
ubuntu | 16.04 | noarch | thunderbird | < 1:38.7.2+build1-0ubuntu0.16.04.1 | UNKNOWN |
bugzilla.mozilla.org/show_bug.cgi?id=1228103
launchpad.net/bugs/cve/CVE-2016-1974
nvd.nist.gov/vuln/detail/CVE-2016-1974
security-tracker.debian.org/tracker/CVE-2016-1974
ubuntu.com/security/notices/USN-2917-1
ubuntu.com/security/notices/USN-2934-1
www.cve.org/CVERecord?id=CVE-2016-1974
www.mozilla.org/en-US/security/advisories/mfsa2016-34/