10

CVE-2016-1962

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 44.0.2
MozillaFirefox Version38.0
MozillaFirefox Version38.0.1
MozillaFirefox Version38.0.5
MozillaFirefox Version38.1.0
MozillaFirefox Version38.1.1
MozillaFirefox Version38.2.0
MozillaFirefox Version38.2.1
MozillaFirefox Version38.3.0
MozillaFirefox Version38.4.0
MozillaFirefox Version38.5.0
MozillaFirefox Version38.5.1
MozillaFirefox Version38.6.0
MozillaFirefox Version38.6.1
OpensuseOpensuse Version13.1
OracleLinux Version5.0
OracleLinux Version6
OracleLinux Version7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.08% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
https://security.gentoo.org/glsa/201605-06
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
http://www.debian.org/security/2016/dsa-3510
http://www.debian.org/security/2016/dsa-3520
http://www.securitytracker.com/id/1035215
http://www.ubuntu.com/usn/USN-2917-1
http://www.ubuntu.com/usn/USN-2917-2
http://www.ubuntu.com/usn/USN-2917-3
http://www.mozilla.org/security/announce/2016/mfsa2016-25.html
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1240760
Issue Tracking