CVE-2016-1931

CRITICAL

Mozilla Firefox <44.0 - Memory Corruption

Title source: llm

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

References (21)

Core 21

Core References

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1206675

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1207298

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034825

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1234576

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1186973

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1209358

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1209366

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2880-1

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2016/mfsa2016-01.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2880-2

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1222015

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1180064

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1209368

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1209546

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/81953

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201605-06

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1231121

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1209365

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1229825

Scores

CVSS v3 10.0

EPSS 0.0254

EPSS Percentile 85.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (4)

mozilla/firefox < 43.0.4

opensuse/leap 42.1

opensuse/opensuse 13.1

opensuse/opensuse 13.2

Published Jan 31, 2016

Tracked Since Feb 18, 2026