CVE-2016-1966

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:N/A

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-1950, CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958, CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1967, CVE-2016-1968, CVE-2016-1970, CVE-2016-1971, CVE-2016-1972, CVE-2016-1973, CVE-2016-1974, CVE-2016-1975, CVE-2016-1976, CVE-2016-1977, CVE-2016-1978, CVE-2016-1979, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802

Published on 13/03/16 - Updated on 30/10/18

Description

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2016-1966
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-086
Arch Linux ASA-201603-21, ASA-201603-4
CentOS CESA-2016:0373, CESA-2016:0460
Debian DSA-3510-1, DSA-3520-1
Mozilla MFSA2016-31
Redhat RHSA-2016:0373, RHSA-2016:0460
SUSE SUSE-SU-2016:0727, SUSE-SU-2016:0777, SUSE-SU-2016:0820, SUSE-SU-2016:0909
Ubuntu USN-2917-1, USN-2917-2, USN-2917-3, USN-2934-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
mozillafirefox
mozillafirefox_esr
mozillathunderbird
opensuseopensuse
oraclelinux

Share this vulnerability with:

Twitter Facebook LinkedIn Mail