CVE-2016-1963 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-26412 documents7 sources

Severity

7.4HIGHNVD

OSV8.8

EPSS

0.1%

top 78.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Debian Firefox-esr

Timeline

PublishedMar 13

Latest updateMay 17

Description

The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.4 | Impact: 5.9

Affected Packages4 packages

▶Ubuntumozilla/firefox< 45.0+build2-0ubuntu0.14.04.1+2

▶NVDmozilla/firefox44.0.2

▶debiandebian/firefox< firefox 45.0-1 (sid)

▶debiandebian/firefox-esr< firefox 45.0-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-w6cr-qvrp-w86v: The FileReader class in Mozilla Firefox before 45↗2022-05-17

▶

OSV

firefox regressions↗2016-04-19

▶

OSV

firefox regressions↗2016-04-07

▶

OSV

CVE-2016-1963: The FileReader class in Mozilla Firefox before 45↗2016-03-13

▶

OSV

firefox vulnerabilities↗2016-03-09

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2016-04-19

▶

Ubuntu

Firefox regressions↗2016-04-07

▶

Ubuntu

Firefox vulnerabilities↗2016-03-09

▶

Red Hat

Mozilla: Memory corruption when modifying a file being read by FileReader (MFSA 2016-26)↗2016-03-08

▶

Debian

CVE-2016-1963: firefox - The FileReader class in Mozilla Firefox before 45.0 allows local users to gain p...↗2016

▶

💬Community

Bugzilla

CVE-2016-1963 Mozilla: Memory corruption when modifying a file being read by FileReader (MFSA 2016-26)↗2016-03-08

▶