CVE-2016-1960 : Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.

Published 2016-03-13 18:59:10

Updated 2024-10-22 13:42:15

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2016-1960

Suse » Linux Enterprise » Version: 12.0
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 7
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 6
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 5.0
cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions up to, including, (<=) 44.0.2
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.0
cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.0.1
cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.0.5
cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.1.0
cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.1.1
cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.2.0
cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.2.1
cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.3.0
cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.4.0
cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.5.0
cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.5.1
cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.6.0
cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 38.6.1
cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions up to, including, (<=) 38.6.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-1960

EPSS FAQ

95.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-1960

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2016-1960

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

[security-announce] openSUSE-SU-2016:0894-1: important: Security update
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2934-1

USN-2934-1: Thunderbird vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

[security-announce] openSUSE-SU-2016:0876-1: important: Security update

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1246014

Bugzilla.mozilla.org is offline
Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

[security-announce] openSUSE-SU-2016:1769-1: important: Security update
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

[security-announce] SUSE-SU-2016:0909-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

[security-announce] openSUSE-SU-2016:1778-1: important: Security update
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2917-1

USN-2917-1: Firefox vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2917-3

USN-2917-3: Firefox regressions | Ubuntu security notices

CVEs referencing this url
http://www.securitytracker.com/id/1035215

Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Spoof the Address Bar, Overwrite Files, and Deny Service - SecurityTracker

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

[security-announce] SUSE-SU-2016:0777-1: important: Security update for

CVEs referencing this url
https://www.exploit-db.com/exploits/44294/

Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution

CVEs referencing this url
https://www.exploit-db.com/exploits/42484/

Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

[security-announce] SUSE-SU-2016:0820-1: important: Security update for

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201605-06

Mozilla Products: Multiple vulnerabilities (GLSA 201605-06) — Gentoo security

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3520

Debian -- Security Information -- DSA-3520-1 icedove

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

[security-announce] openSUSE-SU-2016:0731-1: important: Security update

CVEs referencing this url
http://www.mozilla.org/security/announce/2016/mfsa2016-23.html

Use-after-free in HTML5 string parser — Mozilla
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

[security-announce] openSUSE-SU-2016:0733-1: important: Security update

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

[security-announce] openSUSE-SU-2016:1767-1: important: Security update
Third Party Advisory

CVEs referencing this url
http://zerodayinitiative.com/advisories/ZDI-16-198/

ZDI-16-198 | Zero Day Initiative
Third Party Advisory
http://www.ubuntu.com/usn/USN-2917-2

USN-2917-2: Firefox regressions | Ubuntu security notices

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3510

Debian -- Security Information -- DSA-3510-1 iceweasel

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

[security-announce] SUSE-SU-2016:0727-1: important: Security update for

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-1960

Products affected by CVE-2016-1960

Exploit prediction scoring system (EPSS) score for CVE-2016-1960

CVSS scores for CVE-2016-1960

References for CVE-2016-1960