CVE-2016-1951
published 2016-08-07CVE-2016-1951: Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer…
high8.6CVSS 3.0
AVNACLPRNUINSUCLILAH
Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long string to a PR_*printf function.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | firefox-esr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| debian | nspr | < firefox 45.0-1 (sid) | firefox 45.0-1 (sid) |
| mozilla | netscape_portable_runtime | <= 4.11 | — |
| mozilla | thunderbird | >= 0 < 1:45.2.0+build1-0ubuntu0.14.04.3 | 1:45.2.0+build1-0ubuntu0.14.04.3 |
| mozilla | thunderbird | >= 0 < 1:45.2.0+build1-0ubuntu0.16.04.1 | 1:45.2.0+build1-0ubuntu0.16.04.1 |
CVSS provenance
nvdv3.08.6HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
osv8.6HIGH