Vulnerability Details : CVE-2016-1953
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
Vulnerability category: Overflow, Memory Corruption, Execute code, Denial of service
Products affected by CVE-2016-1953
- cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1953
- EPSS score: 1.49% (probability of exploitation activity in the next 30 days)
- Percentile: ~87% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-1953
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-1953
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1953
- https://bugzilla.mozilla.org/show_bug.cgi?id=1238935
- https://bugzilla.mozilla.org/show_bug.cgi?id=1205163
- https://bugzilla.mozilla.org/show_bug.cgi?id=1224363
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236519
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
  [security-announce] openSUSE-SU-2016:1769-1: important: Security update
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
  [security-announce] SUSE-SU-2016:0909-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
  [security-announce] openSUSE-SU-2016:1778-1: important: Security update
- http://www.ubuntu.com/usn/USN-2917-1
  USN-2917-1: Firefox vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-2917-3
  USN-2917-3: Firefox regressions | Ubuntu security notices
- http://www.securitytracker.com/id/1035215
  Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Spoof the Address Bar, Overwrite Files, and Deny Service - SecurityTracker
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
  [security-announce] SUSE-SU-2016:0777-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
  [security-announce] SUSE-SU-2016:0820-1: important: Security update for
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241731
- https://bugzilla.mozilla.org/show_bug.cgi?id=1234425
- https://security.gentoo.org/glsa/201605-06
  Mozilla Products: Multiple vulnerabilities (GLSA 201605-06) — Gentoo security
- https://bugzilla.mozilla.org/show_bug.cgi?id=1224369
- https://bugzilla.mozilla.org/show_bug.cgi?id=1247236
- https://bugzilla.mozilla.org/show_bug.cgi?id=1225618
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
  [security-announce] openSUSE-SU-2016:0731-1: important: Security update
- https://bugzilla.mozilla.org/show_bug.cgi?id=1199171
- https://bugzilla.mozilla.org/show_bug.cgi?id=1245866
- https://bugzilla.mozilla.org/show_bug.cgi?id=1224361
- https://bugzilla.mozilla.org/show_bug.cgi?id=1238558
- https://bugzilla.mozilla.org/show_bug.cgi?id=1243555
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
  [security-announce] openSUSE-SU-2016:0733-1: important: Security update
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
  [security-announce] openSUSE-SU-2016:1767-1: important: Security update
- http://www.ubuntu.com/usn/USN-2917-2
  USN-2917-2: Firefox regressions | Ubuntu security notices
- https://bugzilla.mozilla.org/show_bug.cgi?id=1248794
- http://www.mozilla.org/security/announce/2016/mfsa2016-16.html
  Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) — Mozilla (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1243583
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
  [security-announce] SUSE-SU-2016:0727-1: important: Security update for
- https://bugzilla.mozilla.org/show_bug.cgi?id=1207958