CVE-2016-1945 — Mozilla Firefox vulnerability

9 documents6 sources

Severity

8.8HIGHNVD

OSV9.8

EPSS

0.7%

top 28.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Opensuse Leap Opensuse

Timeline

PublishedJan 31

Latest updateMay 14

Description

The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶Ubuntumozilla/firefox< 44.0+build3-0ubuntu0.14.04.1+1

▶NVDmozilla/firefox43.0.4

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-xv75-3499-88v3: The nsZipArchive function in Mozilla Firefox before 44↗2022-05-14

▶

OSV

firefox regression↗2016-02-08

▶

OSV

firefox vulnerabilities↗2016-01-27

▶

OSV

CVE-2016-1945: The nsZipArchive function in Mozilla Firefox before 44↗2016-01-26

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2016-02-08

▶

Ubuntu

Firefox vulnerabilities↗2016-01-27

▶

Red Hat

Mozilla: Unsafe memory manipulation found through code inspection (MFSA 2016-10)↗2016-01-26

▶

💬Community

Bugzilla

CVE-2016-1944 CVE-2016-1945 CVE-2016-1946 Mozilla: Unsafe memory manipulation found through code inspection (MFSA 2016-10)↗2016-01-26

▶