Firefox < 45 Multiple Vulnerabilities

critical Log Correlation Engine Plugin ID 802023

Synopsis

The specific version of Firefox that the system is running is reportedly affected by multiple vulnerabilities.

Description

The specific version of Firefox that the system is running is reportedly affected by the following vulnerabilities:

- Mozilla Firefox contains a flaw in the ValueNumberer::fixupOSROnlyLoop() function in jit/ValueNumbering.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the Downscaler::BeginFrame() function in image/Downscaler.cpp that is triggered when failing to compute filters for image downscaling. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the JSScript::maybeSweepTypes() function in vm/TypeInference.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the DispatchEvents() function in layout/style/nsAnimationManager.h and layout/style/nsTransitionManager.h that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in dom/base/Console.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the PeerConnectionMedia::SelfDestruct_m() function in media/webrtc/signaling/src/peerconnection/PeerConnectionMedia.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1952)

- Mozilla Firefox contains a flaw in the nsICODecoder::ReadDirEntry() function in image/decoders/nsICODecoder.cpp that is triggered when rendering ICO sub-images. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the nsIDNService::IDNA2008ToUnicode() function in netwerk/dns/nsIDNService.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated when handling image decoding. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the DiscardTransferables() function in vm/StructuredClone.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the Assembler::GetCF32Target() function in jit/arm/Assembler-arm.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the GetPcScript() function in jit/JitFrames.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the JSFunction::isDerivedClassConstructor() function in js/src/jsfun.cpp that is triggered when handling lazy self-hosted functions. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in js/src/jit/Lowering.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the EventListenerManager::HandleEventInternal() function in dom/events/EventListenerManager.cpp. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in layout/base/nsRefreshDriver.cpp that is triggered when handling transition events. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in dom/media/systemservices/CamerasChild.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- libvpx contains a flaw in the vp8_mb_init_dequantizer() function in vp8/decoder/decodeframe.c that is triggered as user-supplied input is not properly validated. With specially crafted media content, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- libvpx contains a flaw in the vp8_loop_filter_frame_init() function in media/libvpx/vp8/common/loopfilter.c that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in dom/xslt/xslt/txMozillaTextOutput.cpp that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in dom/gamepad/windows/WindowsGamepad.cpp that is triggered when handling WindowsGamepadService shutdown. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1953)

- Mozilla Firefox contains a flaw in the nsCSPContext::SendReports() function in dom/security/nsCSPContext.cpp that is triggered during the handling of Content Security Policy (CSP) violation reports. This may allow a context-dependent attacker to overwrite arbitrary files on a user's machine and potentially gain elevated privileges. (CVE-2016-1954)

- Mozilla Firefox contains a flaw in dom/security/nsCSPContext.cpp that is due to Content Security Policy (CSP) violation reports containing full path information for cross-origin iframe navigations in violation of the CSP specification. This may allow a context-dependent attacker to gain unauthorized access to sensitive information. (CVE-2016-1955)

- Mozilla Firefox contains a flaw in gfx/gl/GLContext.cpp when using Intel Video cards that is triggered when performing WebGL operations that require a large amount buffer to be allocated from video memory. This may allow a context-dependent to cause a consumption of memory resources that will persist until the system has been restarted. (CVE-2016-1956)

- Google Stagefright contains a flaw that is triggered during the handling of array destruction during MPEG4 video file processing. This may allow a context-dependent attacker to cause a memory leak, with unspecified consequences.
(CVE-2016-1957)

- Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to spoof the user's address bar. No further details have been provided. (CVE-2016-1958)

- Mozilla Firefox contains a flaw in Service Worker Manager that is triggered when handling the Clients API. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1959)

- Mozilla Firefox contains a use-after-free error in the HTML5 string parser. The issue is triggered when parsing a set of table-related tags in a foreign fragment context such as SVG. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1960)

- Mozilla Firefox contains a use-after-free error in the nsHTMLDocument::SetBody() function in dom/html/nsHTMLDocument.cpp. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1961)

- Mozilla Firefox contains a use-after-free error in netwerk/sctp/datachannel/DataChannel.cpp when using multiple WebRTC data channel connections and freeing a data channel connection from within a call. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1962)

- Mozilla Firefox contains a flaw in the FileReader::DoReadData() function in dom/base/FileReader.cpp. The issue is triggered as user-supplied input is not properly validated when handling modifications to local files that occur while they are being read with the FileReader API. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1963)

- Mozilla Firefox contains a use-after-free error in the txAttribute::execute() function in dom/xslt/xslt/txInstructions.cpp that is triggered when handling XML transformation operations. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1964)

- Mozilla Firefox contains a flaw in the nsLocation::SetProtocol() function in dom/base/nsLocation.cpp that is triggered when handling history navigation in combination with the location protocol property. This may allow a context-dependent attacker to spoof the contents of the address bar. (CVE-2016-1965)

- Mozilla Firefox contains a flaw that is triggered when handling history navigation in a restored browser session. This may potentially allow a context-dependent attacker to gain unauthorized access to cross-origin URL information. (CVE-2016-1967)

- Mozilla Firefox contains a pointer underflow condition in the Brotli library. The issue is triggered as user-supplied input is not properly validated when the library is performing decompression. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-1968)

- Mozilla Firefox contains a use-after-free flaw in the Netscape Plugin Application Programming Interface (NPAPI) plugin within the nsNPObjWrapper::GetNewOrUsed() function in dom/plugins/base/nsJSNPRuntime.cpp. The issue is triggered when handling malicious scripted web content in concert with the plugin. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1966)

- Mozilla Firefox contains an integer underflow condition in the srtp_unprotect() function in netwerk/srtp/src/srtp/srtp.c that is triggered when handling SRTP packet lenghts. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1970)

- Mozilla Firefox contains a flaw in the I420VideoFrame::CreateFrame() function in WebRTC. The issue is triggered as user-supplied input is not properly validated due to a missing status check. This may potentially allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1971)

- Mozilla Firefox contains a race condition in dom/media/systemservices/CamerasChild.h. The issue is triggered as user-supplied input is not properly validated when handling block-level statistics. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1975)

- Mozilla Firefox contains a use-after-free flaw in DesktopDisplayDevice::operator= in media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_device_info.cc. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1976)

- libvpx contains a use-after-free error in vpx_ports/vpx_once.h related to a race condition. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
(CVE-2016-1972)

- Mozilla Firefox contains a use-after-free error that is triggered by a race condition in GetStaticInstance in WebRTC. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1973)

- Mozilla Firefox contains a flaw in the nsScannerString::AppendUnicodeTo() function in parser/htmlparser/nsScannerString.cpp. The issue is triggered when the program fails to allocate memory during handling of unicode strings. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1974)

- Mozilla Network Security Services (NSS) contains a use-after-free error in the PK11_ImportDERPrivateKeyInfoAndReturnKey() function. The issue is triggered when handling DER encoded keys. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
(CVE-2016-1979)

- Graphite/Libgraphite contains a flaw in the Machine::Code::decoder::analysis::set_ref() function. The issue is triggered as user-supplied input is not properly validated. With a specially crafted font, a context-dependent attacker can corrupt memory to cause a denial of service in a process linked against the library or potentially execute arbitrary code. (CVE-2016-1977)

- Graphite/Libgraphite contains a flaw in the GetTableInfo() function in TtfUtil.cpp related to the use of uninitialized memory when handling a specially crafted font. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-2790)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the GlyphCache::glyph() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2791)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the getAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2792)

- Graphite/Libgraphite contains an out-of-bounds read flaw in CachedCmap.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2793)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12NextCodepoint() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2794)

- Graphite/Libgraphite contains a flaw in the FileFace::get_table_fn() function related to the use of uninitialized memory when handling a specially crafted font. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-2795)

- Graphite/Libgraphite contains an out-of-bounds write flaw in the vm::Machine::Code::Code() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-2796)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12Lookup() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2797)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the GlyphCache::Loader::Loader() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2798)

- Graphite/Libgraphite contains an out-of-bounds write flaw in the setAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-2799)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the getAttr() function in Slot.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2800)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable12Lookup() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2801)

- Graphite/Libgraphite contains an out-of-bounds read flaw in the CmapSubtable4NextCodepoint() function in TtfUtil.cpp that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents. (CVE-2016-2802)

- Graphite/Libgraphite contains an out-of-bounds write flaw in the setAttr() function that is triggered when handling maliciously crafted fonts. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1969)

Solution

It has been reported that this has been fixed. Please refer to the product listing for upgraded versions that address this vulnerability.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/

https://www.suse.com/support/update/announcement/2016/suse-su-20160777-1.html

https://www.suse.com/support/update/announcement/2016/suse-su-20161342-1.html

https://www.debian.org/security/2016/dsa-3520

https://www.mozilla.org/

https://download.novell.com/Download?buildid=MVAFl0oMTck~

http://www.ubuntu.com/usn/usn-2973-1/

https://download.novell.com/Download?buildid=W46YTfqEGiQ~

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005811

https://www-304.ibm.com/support/docview.wss?uid=ssg1S1005812

http://www-01.ibm.com/support/docview.wss?uid=isg3T1023778

http://www-01.ibm.com/support/docview.wss?uid=swg21982583

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

https://www.suse.com/support/update/announcement/2016/suse-su-20160727-1.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

https://www.suse.com/support/update/announcement/2016/suse-su-20160820-1.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

https://www.suse.com/support/update/announcement/2016/suse-su-20160909-1.html

https://bto.bluecoat.com/security-advisory/sa124

https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-32/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/

https://www.suse.com/support/update/announcement/2016/suse-su-20161374-1.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1123661

https://bugzilla.mozilla.org/show_bug.cgi?id=1221872

https://bugzilla.mozilla.org/show_bug.cgi?id=1224979

https://bugzilla.mozilla.org/show_bug.cgi?id=1234578

https://bugzilla.mozilla.org/show_bug.cgi?id=1241217

https://bugzilla.mozilla.org/show_bug.cgi?id=1242279

https://bugzilla.mozilla.org/show_bug.cgi?id=1244250

https://bugzilla.mozilla.org/show_bug.cgi?id=1244995

https://bugzilla.mozilla.org/show_bug.cgi?id=1249685

https://bugzilla.mozilla.org/show_bug.cgi?id=1208946

https://bugzilla.mozilla.org/show_bug.cgi?id=1219339

https://bugzilla.mozilla.org/show_bug.cgi?id=1185033

https://www.debian.org/security/2016/dsa-3510

http://www.ubuntu.com/usn/usn-2917-1/

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

http://www.ubuntu.com/usn/usn-2917-2/

http://www.ubuntu.com/usn/usn-2917-3/

http://www.ubuntu.com/usn/usn-2934-1/

http://seclists.org/bugtraq/2016/Mar/72

https://packetstormsecurity.com/files/136152/Debian-Security-Advisory-3510-1.html

https://packetstormsecurity.com/files/136272/Red-Hat-Security-Advisory-2016-0460-01.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1207958

https://bugzilla.mozilla.org/show_bug.cgi?id=1245866

https://bugzilla.mozilla.org/show_bug.cgi?id=1238558

https://bugzilla.mozilla.org/show_bug.cgi?id=1241731

https://www.debian.org/security/2016/dsa-3559

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html

https://www.suse.com/support/update/announcement/2016/suse-su-20161258-1.html

https://www.debian.org/security/2016/dsa-3576

https://www.suse.com/support/update/announcement/2016/suse-su-20161352-1.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html

http://seclists.org/bugtraq/2016/Apr/153

http://seclists.org/bugtraq/2016/May/63

https://bugzilla.mozilla.org/show_bug.cgi?id=1199171

https://bugzilla.mozilla.org/show_bug.cgi?id=1234425

https://bugzilla.mozilla.org/show_bug.cgi?id=1236519

https://bugzilla.mozilla.org/show_bug.cgi?id=1238935

https://bugzilla.mozilla.org/show_bug.cgi?id=1225618

https://bugzilla.mozilla.org/show_bug.cgi?id=1243555

https://bugzilla.mozilla.org/show_bug.cgi?id=1243583

https://bugzilla.mozilla.org/show_bug.cgi?id=1247236

https://bugzilla.mozilla.org/show_bug.cgi?id=1224361

https://bugzilla.mozilla.org/show_bug.cgi?id=1224363

https://bugzilla.mozilla.org/show_bug.cgi?id=1224369

https://bugzilla.mozilla.org/show_bug.cgi?id=1205163

https://bugzilla.mozilla.org/show_bug.cgi?id=1248794

https://bugzilla.mozilla.org/show_bug.cgi?id=1243178

http://seclists.org/bugtraq/2016/Mar/145

https://bugzilla.mozilla.org/show_bug.cgi?id=1199923

https://bugzilla.mozilla.org/show_bug.cgi?id=1227052

https://bugzilla.mozilla.org/show_bug.cgi?id=1228754

https://bugzilla.mozilla.org/show_bug.cgi?id=1234949

https://www.xerox.com/download/security/security-bulletin/287fc-53b3b113cc7a1/cert_XRX16-015_v1.0_FFPS2.1_Standalone_Aug10_2016-1.pdf

https://bugzilla.mozilla.org/show_bug.cgi?id=1246014

http://www.zerodayinitiative.com/advisories/ZDI-16-198/

https://bugzilla.mozilla.org/show_bug.cgi?id=1249377

http://www.zerodayinitiative.com/advisories/ZDI-16-199/

https://bugzilla.mozilla.org/show_bug.cgi?id=1240760

https://bugzilla.mozilla.org/show_bug.cgi?id=1238440

https://bugzilla.mozilla.org/show_bug.cgi?id=1243335

https://bugzilla.mozilla.org/show_bug.cgi?id=1245264

https://bugzilla.mozilla.org/show_bug.cgi?id=1246956

https://bugzilla.mozilla.org/show_bug.cgi?id=1246742

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817233

https://bugzilla.mozilla.org/show_bug.cgi?id=1246054

https://bugzilla.mozilla.org/show_bug.cgi?id=1216837

https://bugzilla.mozilla.org/show_bug.cgi?id=1217663

https://bugzilla.mozilla.org/show_bug.cgi?id=1230768

https://bugzilla.mozilla.org/show_bug.cgi?id=1176340

https://bugzilla.mozilla.org/show_bug.cgi?id=1218124

https://bugzilla.mozilla.org/show_bug.cgi?id=1228103

https://support.f5.com/kb/en-us/solutions/public/k/20/sol20145801.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1248876

https://www.debian.org/security/2016/dsa-3515

http://www.ubuntu.com/usn/usn-2927-1/

http://pivotal.io/security/usn-2927-1

http://seclists.org/bugtraq/2016/Mar/97

https://packetstormsecurity.com/files/136196/Debian-Security-Advisory-3515-1.html

https://packetstormsecurity.com/files/136201/Ubuntu-Security-Notice-USN-2927-1.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1243464

https://bugzilla.mozilla.org/show_bug.cgi?id=1243473

https://bugzilla.mozilla.org/show_bug.cgi?id=1243482

https://bugzilla.mozilla.org/show_bug.cgi?id=1243513

https://bugzilla.mozilla.org/show_bug.cgi?id=1243526

https://bugzilla.mozilla.org/show_bug.cgi?id=1243597

https://bugzilla.mozilla.org/show_bug.cgi?id=1243816

https://bugzilla.mozilla.org/show_bug.cgi?id=1243823

https://bugzilla.mozilla.org/show_bug.cgi?id=1248805

https://bugzilla.mozilla.org/show_bug.cgi?id=1249081

https://bugzilla.mozilla.org/show_bug.cgi?id=1249338

https://bugzilla.mozilla.org/show_bug.cgi?id=1249920

https://bugzilla.mozilla.org/show_bug.cgi?id=1248804

https://bugzilla.mozilla.org/show_bug.cgi?id=1242322

Plugin Details

Severity: Critical

ID: 802023

Family: Web Clients

Published: 9/7/2016

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 3/8/2016

Vulnerability Publication Date: 3/8/2016

Reference Information

CVE: CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958, CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1967, CVE-2016-1968, CVE-2016-1969, CVE-2016-1970, CVE-2016-1971, CVE-2016-1972, CVE-2016-1973, CVE-2016-1974, CVE-2016-1975, CVE-2016-1976, CVE-2016-1977, CVE-2016-1979, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802