CVE-2016-1973

EPSS 0.84%
Published 13.03.2016 18:59:22
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Linux Version5.0

Oracle ≫ Linux Version6

Oracle ≫ Linux Version7

Mozilla ≫ Firefox Version <= 44.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.84%	0.737

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Third Party Advisory

https://security.gentoo.org/glsa/201605-06

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

http://www.securitytracker.com/id/1035215

http://www.ubuntu.com/usn/USN-2917-1

http://www.ubuntu.com/usn/USN-2917-2

http://www.ubuntu.com/usn/USN-2917-3

http://www.mozilla.org/security/announce/2016/mfsa2016-33.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1219339

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2016-1973

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1973

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1973

EUVD