CVE-2016-1953
high
CVSS v3
8.8
CVSS v2
6.8
VIR risk
8.8
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-1953
Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2016/mfsa2016-16.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | sid | fixed | 45.0-1 |
| debian | bookworm | fixed | 45.0esr-1 |
| debian | bullseye | fixed | 45.0esr-1 |
| debian | forky | fixed | 45.0esr-1 |
| debian | trixie | fixed | 45.0esr-1 |
| suse | 42.1 | affected | |
| suse | 13.1 | affected | |
| suse | 13.2 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | {"endIncluding":"44.0.2"} | |
| mozilla | firefox | 38.0 | |
| mozilla | firefox | 38.0.1 | |
| mozilla | firefox | 38.0.5 | |
| mozilla | firefox | 38.1.0 | |
| mozilla | firefox | 38.1.1 | |
| mozilla | firefox | 38.2.0 | |
| mozilla | firefox | 38.2.1 | |
| mozilla | firefox | 38.3.0 | |
| mozilla | firefox | 38.4.0 | |
| mozilla | firefox | 38.5.0 | |
| mozilla | firefox | 38.5.1 | |
| mozilla | firefox | 38.6.0 | |
| mozilla | firefox | 38.6.1 | |
| mozilla | thunderbird | {"endIncluding":"38.6.0"} | |
| novell | suse_package_hub_for_suse_linux_enterprise | 12 | |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-16.html
- http://www.securitytracker.com/id/1035215
- http://www.ubuntu.com/usn/USN-2917-1
- http://www.ubuntu.com/usn/USN-2917-2
- http://www.ubuntu.com/usn/USN-2917-3
- https://bugzilla.mozilla.org/show_bug.cgi?id=1199171
- https://bugzilla.mozilla.org/show_bug.cgi?id=1205163
- https://bugzilla.mozilla.org/show_bug.cgi?id=1207958
- https://bugzilla.mozilla.org/show_bug.cgi?id=1224361
- https://bugzilla.mozilla.org/show_bug.cgi?id=1224363
- https://bugzilla.mozilla.org/show_bug.cgi?id=1224369
- https://bugzilla.mozilla.org/show_bug.cgi?id=1225618
- https://bugzilla.mozilla.org/show_bug.cgi?id=1234425
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236519
- https://bugzilla.mozilla.org/show_bug.cgi?id=1238558
- https://bugzilla.mozilla.org/show_bug.cgi?id=1238935
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.