CVE-2016-1947

EPSS 0.57%
Published 31.01.2016 18:59:13
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

Affected products Warnungen 0 Metrics 3 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version15.04

Canonical ≫ Ubuntu Linux Version15.10

Opensuse ≫ Leap Version42.1

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Mozilla ≫ Firefox Version43.0

Mozilla ≫ Firefox Version43.0.1

Mozilla ≫ Firefox Version43.0.2

Mozilla ≫ Firefox Version43.0.3

Mozilla ≫ Firefox Version43.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.678

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	2.8	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://security.gentoo.org/glsa/201605-06

Third Party Advisory

VDB Entry

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

Third Party Advisory

http://www.securitytracker.com/id/1034825

http://www.ubuntu.com/usn/USN-2880-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2880-2

Third Party Advisory

http://www.mozilla.org/security/announce/2016/mfsa2016-11.html

Vendor Advisory

http://www.securityfocus.com/bid/81949

Third Party Advisory

VDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1237103

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2016-1947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1947

EUVD