Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2016-1930

Disclosure Date: January 31, 2016 •

CVE-2016-1930 CVSS v3 Base Score: 9.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

mozilla,
opensuse,
oracle

Products

firefox,
firefox esr 38.0,
firefox esr 38.1.0,
firefox esr 38.2.0,
firefox esr 38.3.0,
firefox esr 38.4.0,
firefox esr 38.5.0,
leap 42.1,
linux 5.0,
linux 6,
linux 7,
opensuse 13.1,
opensuse 13.2

References

Canonical

CVE-2016-1930 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930)

BID-81953 (http://www.securityfocus.com/bid/81953)

Advisory

DSA-3457 (http://www.debian.org/security/2016/dsa-3457)

DSA-3491 (http://www.debian.org/security/2016/dsa-3491)

https://bugzilla.mozilla.org/show_bug.cgi?id=1234571

http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1223670

SECTRACK-1034825 (http://www.securitytracker.com/id/1034825)

https://bugzilla.mozilla.org/show_bug.cgi?id=1234280

https://bugzilla.mozilla.org/show_bug.cgi?id=1221385

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://rhn.redhat.com/errata/RHSA-2016-0071.html

USN-2880-1 (http://www.ubuntu.com/usn/USN-2880-1)

http://www.mozilla.org/security/announce/2016/mfsa2016-01.html

USN-2880-2 (http://www.ubuntu.com/usn/USN-2880-2)

https://bugzilla.mozilla.org/show_bug.cgi?id=1224200

https://bugzilla.mozilla.org/show_bug.cgi?id=1233152

https://bugzilla.mozilla.org/show_bug.cgi?id=1230668

http://rhn.redhat.com/errata/RHSA-2016-0258.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

USN-2904-1 (http://www.ubuntu.com/usn/USN-2904-1)

https://bugzilla.mozilla.org/show_bug.cgi?id=1230639

https://bugzilla.mozilla.org/show_bug.cgi?id=1230686

GLSA-201605-06 (https://security.gentoo.org/glsa/201605-06)

http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1233346

https://bugzilla.mozilla.org/show_bug.cgi?id=1230483

https://bugzilla.mozilla.org/show_bug.cgi?id=1233925

Rapid7

Technical Analysis