CVE-2016-1947 — Mozilla Firefox vulnerability

CWE-199 documents6 sources

Severity

4.7MEDIUMNVD

OSV9.8

EPSS

0.6%

top 31.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Opensuse Leap +1 more

Timeline

PublishedJan 31

Latest updateMay 14

Description

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶Ubuntumozilla/firefox< 44.0.1+build2-0ubuntu0.14.04.1+1

▶NVDmozilla/firefox5 versions+4

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-gfv8-8p3g-4px7: Mozilla Firefox 43↗2022-05-14

▶

OSV

firefox regression↗2016-02-08

▶

OSV

firefox vulnerabilities↗2016-01-27

▶

OSV

CVE-2016-1947: Mozilla Firefox 43↗2016-01-26

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2016-02-08

▶

Ubuntu

Firefox vulnerabilities↗2016-01-27

▶

Red Hat

Mozilla: Application Reputation service disabled in Firefox 43 (MFSA 2016-11)↗2016-01-26

▶

💬Community

Bugzilla

CVE-2016-1947 Mozilla: Application Reputation service disabled in Firefox 43 (MFSA 2016-11)↗2016-01-26

▶