CVE-2016-1947

medium

Description

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

References

Advisories
More

https://security.gentoo.org/glsa/201605-06

http://www.ubuntu.com/usn/USN-2880-2

http://www.ubuntu.com/usn/USN-2880-1

http://www.securityfocus.com/bid/81949

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1237103

http://www.securitytracker.com/id/1034825

http://www.mozilla.org/security/announce/2016/mfsa2016-11.html

Details

Source: Mitre, NVD

Published: 2016-01-31

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N