CVE-2016-9063: Integer Overflow or Wraparound in Mozilla Firefox

Severity: 9.8 CRITICAL (NVD)
EPSS: 2.4% (top 14.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 11; Latest update May 14

Description

An integer overflow occurs during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (12 packages)

Source      Package            Affected range
debian      debian/expat       < expat 2.2.0-2 (bookworm)
debian      debian/firefox     < expat 2.2.0-2 (bookworm)
CVEListV5   mozilla/firefox    unspecified to 50
NVD         mozilla/firefox    < 50
debian      debian/firefox-esr < expat 2.2.0-2 (bookworm)

Also affects: Debian Linux 10.0, 8.0, 9.0

Vulnerability Details (3)

GHSA: GHSA-v3g4-2m5p-cjh4: An integer overflow during the parsing of XML using the Expat library (2022-05-14)
OSV: CVE-2016-9063: An integer overflow during the parsing of XML using the Expat library (2018-06-11)
OSV: firefox vulnerabilities (2016-11-19)

Vendor Advisories (7)

Apple: CVE-2016-9063: macOS High Sierra 10.13 (2017-09-25)
Apple: CVE-2016-9063: tvOS 11 (2017-09-19)
Apple: CVE-2016-9063: watchOS 4 (2017-09-19)
Apple: CVE-2016-9063: iOS 11 (2017-09-19)
Ubuntu: Firefox vulnerabilities (2016-11-19)

Community (7)

Bugzilla: CVE-2016-9063 mingw-expat: firefox: Possible integer overflow to fix inside XML_Parse in Expat [fedora-all] (2017-08-04)
Bugzilla: CVE-2016-9063 mingw-expat: firefox: Possible integer overflow to fix inside XML_Parse in Expat [epel-7] (2017-06-19)
Bugzilla: CVE-2016-9063 compat-expat1: firefox: Possible integer overflow to fix inside XML_Parse in Expat [fedora-all] (2017-06-19)
Bugzilla: CVE-2016-9063 expat: firefox: Possible integer overflow to fix inside XML_Parse in Expat [fedora-all] (2017-06-19)
Bugzilla: CVE-2016-9063 expat21: firefox: Possible integer overflow to fix inside XML_Parse in Expat [epel-all] (2017-06-19)