10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.04 Low
EPSS
Percentile
92.1%
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface and execute arbitrary code.
Below is a complete list of vulnerabilities
Technical details
Vulnerability (1) related to uninitialized memory encountered during brotli data compression.
Vulnerability (3) related to the BufferSubData function.
Vulnerability (4) related to violation of RFC6265: storing cookies with vertical tab characters. This vulnerability exists beacause of an incomplete fix for CVE-2015-7208.
Vulnerability (5) related to data: URLs opened from bookmark or saved shortcut. Improper host handling in this case cause data: URL still showed even after redirect.
Vulnerability (6) related to lack of delay between protocol handler dialog appears and dialog action can be conducted. This can lead double click interpreted as two single clicks let complete some action in new dialog.
Vulnerability (7) related to s_mp_div function in lib/freebl/mpi/mpi.c which improperly manipulates with mp_div or mp_exptmod functions.
Vulnerability (8) related to lack of delay between download dialog getting focus and download button getting enabled. So attacker caused user to make double click can open download dialog by first and accept it by second click.
Vulnerability (9) related to scrollTo() function. By using this function attacker can scroll address bar out of view and replace it with a fake address bar.
Vulnerability (10) related to situation where invalid URL with wyciwyg: or resource: protocols pasted to address bar. In this case address bar content can be manipulated to show improper location.
Vulnerability (11) related to Buffer11::NativeBuffer11::map function.
Vulnerability (12) related to nsZipArchive function.
Vulnerability (13) related to MoofParser::Metadata function in binding/MoofParser.cpp. This vulnerability can be triggered via specially designed metadata in MP4 file.
Vulnerability (14) caused by mishandling of reputation data absence which can easier to trigger unintended download.
Mozilla foundation security advisories
CVE-2016-1948 warning
CVE-2016-1947 warning
CVE-2016-1946 critical
CVE-2016-1945 critical
CVE-2016-1944 critical
CVE-2016-1943 warning
CVE-2016-1942 warning
CVE-2016-1941 warning
CVE-2016-1940 warning
CVE-2016-1939 warning
CVE-2016-1938 high
CVE-2016-1937 warning
CVE-2016-1935 critical
CVE-2016-1933 warning
CVE-2016-1931 critical
CVE-2016-1930 critical
Update to the latest versionDownload Firefox
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.04 Low
EPSS
Percentile
92.1%