7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.052 Low
EPSS
Percentile
93.0%
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface, bypass security restrictions, conduct cross-site scripting or read local files.
Below is a complete list of vulnerabilities
Technical details
To exploit vulnerability β2 can be exploited via vectors related to Http2Session::Shutdown, SpdySession31::Shutdown, and other vectors.
Vulnerability β3 can be exploited via malformed video and Gecko Media Plugin (GMP) sandbox bypass.
Vulnerability β4 caused by Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function
Vulnerability β5 related to cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10
Vulnerability β8 caused by Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function
Vulnerability β10 related to nsXULPopupManager::KeyDown function
Vulnerability β11 related to js::PreliminaryObjectArray::sweep function
Vulnerability β12 related to WebRTC socket thread
Vulnerability β13 related to CanonicalizeXPCOMParticipant function
Vulnerability β14 caused by mishandling changes from βINPUT type=βpasswordββ to βINPUT type=βtextββ within a single Session Manager session
Vulnerability β15 can be exploited via packets that trigger incorrect buffer-resize operations during buffering
Vulnerability β16 related to process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox=βallow-scriptsβ attribute value
Vulnerability β17 related to nsDisplayList::HitTest function that mishandles rendering display transformation
Vulnerability β18 related to nsNodeUtils::NativeAnonymousChildListChange function
Vulnerability β20 caused by not restricted drag-and-drop (aka dataTransfer) actions for file: URIs
Vulnerability β21 can be exploited via left-to-right characters in conjunction with a right-to-left character set. (Android)
Vulnerability β22 caused by an improper LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags handling.
Mozilla Foundation Security Advisories page
CVE-2016-5250 warning
CVE-2016-5261 critical
CVE-2016-2830 warning
CVE-2016-2835 high
CVE-2016-2836 high
CVE-2016-2837 high
CVE-2016-2838 high
CVE-2016-2839 warning
CVE-2016-5251 warning
CVE-2016-5252 high
CVE-2016-5253 warning
CVE-2016-5254 critical
CVE-2016-5255 high
CVE-2016-5258 high
CVE-2016-5259 high
CVE-2016-5260 warning
CVE-2016-5262 warning
CVE-2016-5263 high
CVE-2016-5264 high
CVE-2016-5265 warning
CVE-2016-5266 high
CVE-2016-5267 warning
CVE-2016-5268 warning
Update to the latest versionGet Mozilla Firefox
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some inaccessible files. Files that can be read depends on conΡrete program errors.
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.052 Low
EPSS
Percentile
93.0%