CVE-2016-1968
published 2016-03-13CVE-2016-1968: Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer…
PriorityP345high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
4.14%
89.6th percentile
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | brotli | < brotli 0.3.0+dfsg-3 (bookworm) | brotli 0.3.0+dfsg-3 (bookworm) |
| debian | firefox | < brotli 0.3.0+dfsg-3 (bookworm) | brotli 0.3.0+dfsg-3 (bookworm) |
| debian | firefox-esr | < brotli 0.3.0+dfsg-3 (bookworm) | brotli 0.3.0+dfsg-3 (bookworm) |
| mozilla | firefox | <= 44.0.2 | — |
| mozilla | firefox | >= 0 < 45.0+build2-0ubuntu0.14.04.1 | 45.0+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 45.0.2+build1-0ubuntu0.14.04.1 | 45.0.2+build1-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 45.0.1+build1-0ubuntu0.14.04.2 | 45.0.1+build1-0ubuntu0.14.04.2 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mgw3-h49g-5mxp: Integer underflow in Brotli, as used in Mozilla Firefox before 45
ghsa_unreviewed·2022-05-17
CVE-2016-1968 [HIGH] GHSA-mgw3-h49g-5mxp: Integer underflow in Brotli, as used in Mozilla Firefox before 45
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
OSV
firefox regressions
osv·2016-04-19·CVSS 8.8
[HIGH] firefox regressions
firefox regressions
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
web compatibility regressions.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox.
OSV
firefox regressions
osv·2016-04-07·CVSS 8.8
[HIGH] firefox regressions
firefox regressions
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
regressions that could result in search engine settings being lost, the
list of search providers appearing empty or the location bar breaking
after typing an invalid URL. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup,
OSV
CVE-2016-1968: Integer underflow in Brotli, as used in Mozilla Firefox before 45
osv·2016-03-13·CVSS 8.8
CVE-2016-1968 [HIGH] CVE-2016-1968: Integer underflow in Brotli, as used in Mozilla Firefox before 45
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
OSV
firefox vulnerabilities
osv·2016-03-09·CVSS 8.8
CVE-2016-1950 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the
Ubuntu
Firefox regressions
vendor_ubuntu·2016-04-19·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-2917-1 introduced several regressions in Firefox.
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
web compatibility regressions.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini,
Ubuntu
Firefox regressions
vendor_ubuntu·2016-04-07·CVSS 8.8
[HIGH] Firefox regressions
Title: Firefox regressions
Summary: USN-2917-1 introduced several regressions in Firefox.
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several
regressions that could result in search engine settings being lost, the
list of search providers appearing empty or the location bar breaking
after typing an invalid URL. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian H
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-03-09·CVSS 8.8
CVE-2016-1950 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could p
Red Hat
Mozilla: Buffer overflow in Brotli decompression (MFSA 2016-30)
vendor_redhat·2016-03-08·CVSS 8.8
CVE-2016-1968 [HIGH] Mozilla: Buffer overflow in Brotli decompression (MFSA 2016-30)
Mozilla: Buffer overflow in Brotli decompression (MFSA 2016-30)
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-1968: brotli - Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remo...
vendor_debian·2016·CVSS 8.8
CVE-2016-1968 [HIGH] CVE-2016-1968: brotli - Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remo...
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Scope: local
bookworm: resolved (fixed in 0.3.0+dfsg-3)
bullseye: resolved (fixed in 0.3.0+dfsg-3)
forky: resolved (fixed in 0.3.0+dfsg-3)
sid: resolved (fixed in 0.3.0+dfsg-3)
trixie: resolved (fixed in 0.3.0+dfsg-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-5398 stored XSS in JBoss BPM suite business process editor
bugzilla·2016-07-20·CVSS 5.4
CVE-2016-5398 [MEDIUM] CVE-2016-5398 stored XSS in JBoss BPM suite business process editor
CVE-2016-5398 stored XSS in JBoss BPM suite business process editor
JBoss BPM Suite 6.3.0 is vulnerable to a stored XSS via business process
editor. Remote authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.
Discussion:
Acknowledgments:
Name: Jeremy Choi (Red Hat Product Security Team)
---
This issue has been addressed in the following products:
Red Hat JBoss BPM Suite 6.3.3
Via RHSA-2016:1969 https://rhn.redhat.com/errata/RHSA-2016-1969.html
---
This issue has been addressed in the following products:
Red Hat JBoss BRMS 6.3.3
Via RHSA-2016:1968 https://rhn.redhat.com/errata/RHSA-2016-1968.html
Bugzilla
CVE-2016-1968 Mozilla: Buffer overflow in Brotli decompression (MFSA 2016-30)
bugzilla·2016-03-08·CVSS 8.8
CVE-2016-1968 [HIGH] CVE-2016-1968 Mozilla: Buffer overflow in Brotli decompression (MFSA 2016-30)
CVE-2016-1968 Mozilla: Buffer overflow in Brotli decompression (MFSA 2016-30)
Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.
External Reference:
https://www.mozilla.org/security/announce/2016/mfsa2016-30.html
Acknowledgements:
Name: the Mozilla project
Upstream: Luke Li
Statement:
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.htmlhttp://www.mozilla.org/security/announce/2016/mfsa2016-30.htmlhttp://www.securitytracker.com/id/1035215http://www.ubuntu.com/usn/USN-2917-1http://www.ubuntu.com/usn/USN-2917-2http://www.ubuntu.com/usn/USN-2917-3https://bugzilla.mozilla.org/show_bug.cgi?id=1246742https://security.gentoo.org/glsa/201605-06http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.htmlhttp://www.mozilla.org/security/announce/2016/mfsa2016-30.htmlhttp://www.securitytracker.com/id/1035215http://www.ubuntu.com/usn/USN-2917-1http://www.ubuntu.com/usn/USN-2917-2http://www.ubuntu.com/usn/USN-2917-3https://bugzilla.mozilla.org/show_bug.cgi?id=1246742https://security.gentoo.org/glsa/201605-06
2016-03-13
Published