CVE-2016-1931

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

References

• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
• http://www.mozilla.org/security/announce/2016/mfsa2016-01.html
• http://www.securityfocus.com/bid/81953
• http://www.securitytracker.com/id/1034825
• http://www.ubuntu.com/usn/USN-2880-1
• http://www.ubuntu.com/usn/USN-2880-2
• https://bugzilla.mozilla.org/show_bug.cgi?id=1180064
• https://bugzilla.mozilla.org/show_bug.cgi?id=1186973
• https://bugzilla.mozilla.org/show_bug.cgi?id=1206675
• https://bugzilla.mozilla.org/show_bug.cgi?id=1207298
• https://bugzilla.mozilla.org/show_bug.cgi?id=1209358
• https://bugzilla.mozilla.org/show_bug.cgi?id=1209365
• https://bugzilla.mozilla.org/show_bug.cgi?id=1209366
• https://bugzilla.mozilla.org/show_bug.cgi?id=1209368
• https://bugzilla.mozilla.org/show_bug.cgi?id=1209546
• https://bugzilla.mozilla.org/show_bug.cgi?id=1222015
• https://bugzilla.mozilla.org/show_bug.cgi?id=1229825
• https://bugzilla.mozilla.org/show_bug.cgi?id=1231121
• https://bugzilla.mozilla.org/show_bug.cgi?id=1234576
• https://security.gentoo.org/glsa/201605-06
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
• http://www.mozilla.org/security/announce/2016/mfsa2016-01.html
• http://www.securityfocus.com/bid/81953

CWEs

CWE-119