CVE-2016-1931 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources

Severity

10.0CRITICALNVD

OSV9.8

EPSS

2.5%

top 14.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Opensuse Leap Opensuse

Timeline

PublishedJan 31

Latest updateMay 14

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages4 packages

▶Ubuntumozilla/firefox< 44.0+build3-0ubuntu0.14.04.1+1

▶NVDmozilla/firefox43.0.4

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-x2jf-fqm5-8f5p: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44↗2022-05-14

▶

OSV

firefox regression↗2016-02-08

▶

OSV

firefox vulnerabilities↗2016-01-27

▶

OSV

CVE-2016-1931: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44↗2016-01-26

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2016-02-08

▶

Ubuntu

Firefox vulnerabilities↗2016-01-27

▶

Red Hat

Mozilla: Miscellaneous memory safety hazards (rv:44.0) (MFSA 2016-01)↗2016-01-26

▶

💬Community

Bugzilla

CVE-2016-1931 Mozilla: Miscellaneous memory safety hazards (rv:44.0) (MFSA 2016-01)↗2016-01-26

▶