CVE-2016-1973 : Race condition in the GetStaticInstance function in the WebRTC implementation in

Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.

Published 2016-03-13 18:59:22

Updated 2025-04-12 10:46:41

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2016-1973

Oracle » Linux » Version: 7
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 6
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 5.0
cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions up to, including, (<=) 44.0.2
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-1973

EPSS FAQ

0.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-1973

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2016-1973

http://www.ubuntu.com/usn/USN-2917-1

USN-2917-1: Firefox vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2917-3

USN-2917-3: Firefox regressions | Ubuntu security notices

CVEs referencing this url
http://www.mozilla.org/security/announce/2016/mfsa2016-33.html

Use-after-free in GetStaticInstance in WebRTC — Mozilla
Vendor Advisory
http://www.securitytracker.com/id/1035215

Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Spoof the Address Bar, Overwrite Files, and Deny Service - SecurityTracker

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1219339

Bugzilla.mozilla.org is offline
Issue Tracking
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201605-06

Mozilla Products: Multiple vulnerabilities (GLSA 201605-06) — Gentoo security

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

[security-announce] openSUSE-SU-2016:0731-1: important: Security update

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

[security-announce] openSUSE-SU-2016:0733-1: important: Security update

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2917-2

USN-2917-2: Firefox regressions | Ubuntu security notices

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-1973

Products affected by CVE-2016-1973

Exploit prediction scoring system (EPSS) score for CVE-2016-1973

CVSS scores for CVE-2016-1973

References for CVE-2016-1973