CVE-2016-1947

MEDIUM

Mozilla Firefox <43 - Info Disclosure

Title source: llm

Description

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

References (9)

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

[Vendor Advisory] http://www.mozilla.org/security/announce/2016/mfsa2016-11.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/81949

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034825

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2880-1

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2880-2

[Issue Tracking, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1237103

[Third Party Advisory, VDB Entry] https://security.gentoo.org/glsa/201605-06

Scores

CVSS v3 4.7

EPSS 0.0057

EPSS Percentile 68.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Classification

CWE

CWE-19

Status draft

Affected Products (12)

canonical/ubuntu_linux

opensuse/leap

opensuse/opensuse

mozilla/firefox

Timeline

Published Jan 31, 2016

Tracked Since Feb 18, 2026