usn-2917-1
Vulnerability from osv_ubuntu
Published
2016-03-09 15:28
Modified
2026-04-22 07:36
Summary
firefox vulnerabilities
Details

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950)

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953)

Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954)

Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955)

Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956)

Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957)

Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)

Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959)

A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960)

A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961)

Dominique Hazaël-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962)

It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963)

Nicolas Grégoire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964)

Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965)

A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966)

Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967)

Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968)

Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973)

Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974)

Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)

References
https://ubuntu.com/security/notices/USN-2917-1 ADVISORY
https://ubuntu.com/security/CVE-2016-1950 REPORT
https://ubuntu.com/security/CVE-2016-1952 REPORT
https://ubuntu.com/security/CVE-2016-1953 REPORT
https://ubuntu.com/security/CVE-2016-1954 REPORT
https://ubuntu.com/security/CVE-2016-1955 REPORT
https://ubuntu.com/security/CVE-2016-1956 REPORT
https://ubuntu.com/security/CVE-2016-1957 REPORT
https://ubuntu.com/security/CVE-2016-1958 REPORT
https://ubuntu.com/security/CVE-2016-1959 REPORT
https://ubuntu.com/security/CVE-2016-1960 REPORT
https://ubuntu.com/security/CVE-2016-1961 REPORT
https://ubuntu.com/security/CVE-2016-1962 REPORT
https://ubuntu.com/security/CVE-2016-1963 REPORT
https://ubuntu.com/security/CVE-2016-1964 REPORT
https://ubuntu.com/security/CVE-2016-1965 REPORT
https://ubuntu.com/security/CVE-2016-1966 REPORT
https://ubuntu.com/security/CVE-2016-1967 REPORT
https://ubuntu.com/security/CVE-2016-1968 REPORT
https://ubuntu.com/security/CVE-2016-1973 REPORT
https://ubuntu.com/security/CVE-2016-1974 REPORT
https://ubuntu.com/security/CVE-2016-1977 REPORT
https://ubuntu.com/security/CVE-2016-2790 REPORT
https://ubuntu.com/security/CVE-2016-2791 REPORT
https://ubuntu.com/security/CVE-2016-2792 REPORT
https://ubuntu.com/security/CVE-2016-2793 REPORT
https://ubuntu.com/security/CVE-2016-2794 REPORT
https://ubuntu.com/security/CVE-2016-2795 REPORT
https://ubuntu.com/security/CVE-2016-2796 REPORT
https://ubuntu.com/security/CVE-2016-2797 REPORT
https://ubuntu.com/security/CVE-2016-2798 REPORT
https://ubuntu.com/security/CVE-2016-2799 REPORT
https://ubuntu.com/security/CVE-2016-2800 REPORT
https://ubuntu.com/security/CVE-2016-2801 REPORT
https://ubuntu.com/security/CVE-2016-2802 REPORT

{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2016-1950",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1952",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1953",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1954",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1955",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1956",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1957",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1958",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1959",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1960",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1961",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1962",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1963",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1964",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1965",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1966",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1967",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1968",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1973",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1974",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-1977",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2790",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2791",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2792",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2793",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2794",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2795",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2796",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2797",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2798",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2799",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2800",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2801",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2016-2802",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "45.0+build2-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "45.0+build2-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "45.0+build2-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "45.0+build2-0ubuntu0.14.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@45.0+build2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "45.0+build2-0ubuntu0.14.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "24.0+build1-0ubuntu1",
        "25.0+build3-0ubuntu0.13.10.1",
        "28.0~b2+build1-0ubuntu2",
        "28.0+build1-0ubuntu1",
        "28.0+build2-0ubuntu1",
        "28.0+build2-0ubuntu2",
        "29.0+build1-0ubuntu0.14.04.2",
        "30.0+build1-0ubuntu0.14.04.3",
        "31.0+build1-0ubuntu0.14.04.1",
        "32.0+build1-0ubuntu0.14.04.1",
        "32.0.3+build1-0ubuntu0.14.04.1",
        "33.0+build2-0ubuntu0.14.04.1",
        "34.0+build2-0ubuntu0.14.04.1",
        "35.0+build3-0ubuntu0.14.04.2",
        "35.0.1+build1-0ubuntu0.14.04.1",
        "36.0+build2-0ubuntu0.14.04.4",
        "36.0.1+build2-0ubuntu0.14.04.1",
        "36.0.4+build1-0ubuntu0.14.04.1",
        "37.0+build2-0ubuntu0.14.04.1",
        "37.0.1+build1-0ubuntu0.14.04.1",
        "37.0.2+build1-0ubuntu0.14.04.1",
        "38.0+build3-0ubuntu0.14.04.1",
        "39.0+build5-0ubuntu0.14.04.1",
        "39.0.3+build2-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.4",
        "40.0.3+build1-0ubuntu0.14.04.1",
        "41.0+build3-0ubuntu0.14.04.1",
        "41.0.1+build2-0ubuntu0.14.04.1",
        "41.0.2+build2-0ubuntu0.14.04.1",
        "42.0+build2-0ubuntu0.14.04.1",
        "43.0+build1-0ubuntu0.14.04.1",
        "43.0.4+build3-0ubuntu0.14.04.1",
        "44.0+build3-0ubuntu0.14.04.1",
        "44.0.1+build2-0ubuntu0.14.04.1",
        "44.0.2+build1-0ubuntu0.14.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,\nTyson Smith, Andrea Marchesini, and Jukka Jyl\u00e4nki discovered multiple\nmemory safety issues in Firefox. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these to\ncause a denial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2016-1952,\nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to\noverwrite local files. If a user were tricked in to opening a specially\ncrafted website with addon signing disabled and unpacked addons installed,\nan attacker could potentially exploit this to gain additional privileges.\n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full\npaths for cross-origin iframe navigations. An attacker could potentially\nexploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations\nresulted in memory resource exhaustion with some Intel GPUs, requiring\na reboot. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in\nlibstagefright during MPEG4 video file processing in some circumstances.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\nmemory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or\nfilled with page defined content in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker Manager. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Haza\u00ebl-Massieux discovered a use-after-free when using multiple\nWebRTC data channels. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified\nwhilst being read by the FileReader API. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1963)\n\nNicolas Gr\u00e9goire discovered a use-after-free during XML transformations.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to display\nan incorrect URL, using history navigations and the Location protocol\nproperty. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to conduct URL\nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If\na user were tricked in to opening a specially crafted website with a\nmalicious plugin installed, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Firefox. (CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using\nperformance.getEntries and history navigation with session restore. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in WebRTC.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed\nallocation in the HTML parser in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\nmemory safety issues in the Graphite 2 library. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking Firefox.\n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,\nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)\n",
  "id": "USN-2917-1",
  "modified": "2026-04-22T07:36:33Z",
  "published": "2016-03-09T15:28:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2917-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1950"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1952"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1953"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1954"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1955"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1956"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1957"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1958"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1959"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1960"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1961"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1962"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1963"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1964"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1965"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1966"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1967"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1968"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1973"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1974"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-1977"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2790"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2791"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2792"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2793"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2794"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2795"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2796"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2797"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2798"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2799"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2800"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2801"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-2802"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "firefox vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2016-1950",
    "UBUNTU-CVE-2016-1952",
    "UBUNTU-CVE-2016-1953",
    "UBUNTU-CVE-2016-1954",
    "UBUNTU-CVE-2016-1955",
    "UBUNTU-CVE-2016-1956",
    "UBUNTU-CVE-2016-1957",
    "UBUNTU-CVE-2016-1958",
    "UBUNTU-CVE-2016-1959",
    "UBUNTU-CVE-2016-1960",
    "UBUNTU-CVE-2016-1961",
    "UBUNTU-CVE-2016-1962",
    "UBUNTU-CVE-2016-1963",
    "UBUNTU-CVE-2016-1964",
    "UBUNTU-CVE-2016-1965",
    "UBUNTU-CVE-2016-1966",
    "UBUNTU-CVE-2016-1967",
    "UBUNTU-CVE-2016-1968",
    "UBUNTU-CVE-2016-1973",
    "UBUNTU-CVE-2016-1974",
    "UBUNTU-CVE-2016-1977",
    "UBUNTU-CVE-2016-2790",
    "UBUNTU-CVE-2016-2791",
    "UBUNTU-CVE-2016-2792",
    "UBUNTU-CVE-2016-2793",
    "UBUNTU-CVE-2016-2794",
    "UBUNTU-CVE-2016-2795",
    "UBUNTU-CVE-2016-2796",
    "UBUNTU-CVE-2016-2797",
    "UBUNTU-CVE-2016-2798",
    "UBUNTU-CVE-2016-2799",
    "UBUNTU-CVE-2016-2800",
    "UBUNTU-CVE-2016-2801",
    "UBUNTU-CVE-2016-2802"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…