CVE-2016-1966

MEDIUM

Description

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.

References

http://hg.mozilla.org/releases/mozilla-release/rev/f0d2911a9a4e

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

http://www.debian.org/security/2016/dsa-3510

http://www.debian.org/security/2016/dsa-3520

http://www.mozilla.org/security/announce/2016/mfsa2016-31.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securitytracker.com/id/1035215

http://www.ubuntu.com/usn/USN-2917-1

http://www.ubuntu.com/usn/USN-2917-2

http://www.ubuntu.com/usn/USN-2917-3

http://www.ubuntu.com/usn/USN-2934-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1246054

https://security.gentoo.org/glsa/201605-06

Details

Source: MITRE

Published: 2016-03-13

Updated: 2019-12-27

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
99765	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1002)	Nessus	Huawei Local Security Checks	critical
802023	Firefox < 45 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	critical
91379	GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)	Nessus	Gentoo Local Security Checks	critical
90822	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2934-1)	Nessus	Ubuntu Local Security Checks	high
90598	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-3)	Nessus	Ubuntu Local Security Checks	critical
9207	Mozilla Firefox < 45.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
90421	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-2)	Nessus	Ubuntu Local Security Checks	critical
90263	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0909-1)	Nessus	SuSE Local Security Checks	critical
90240	openSUSE Security Update : MozillaThunderbird (openSUSE-2016-402)	Nessus	SuSE Local Security Checks	critical
90170	openSUSE Security Update : MozillaThunderbird (openSUSE-2016-395)	Nessus	SuSE Local Security Checks	critical
90065	SUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)	Nessus	SuSE Local Security Checks	critical
90031	Debian DSA-3520-1 : icedove - security update	Nessus	Debian Local Security Checks	critical
89990	SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0777-1)	Nessus	SuSE Local Security Checks	critical
89988	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20160316)	Nessus	Scientific Linux Local Security Checks	high
89986	RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:0460)	Nessus	Red Hat Local Security Checks	high
89981	Oracle Linux 6 / 7 : thunderbird (ELSA-2016-0460)	Nessus	Oracle Linux Local Security Checks	high
89971	CentOS 5 / 6 / 7 : thunderbird (CESA-2016:0460)	Nessus	CentOS Local Security Checks	high
89929	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0727-1)	Nessus	SuSE Local Security Checks	critical
89915	openSUSE Security Update : Firefox (openSUSE-2016-334)	Nessus	SuSE Local Security Checks	critical
89913	openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)	Nessus	SuSE Local Security Checks	critical
89875	Firefox < 45 Multiple Vulnerabilities	Nessus	Windows	critical
89874	Firefox ESR < 38.7 Multiple Vulnerabilities	Nessus	Windows	critical
89873	Firefox < 45 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
89872	Firefox ESR < 38.7 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
89826	Ubuntu 12.04 LTS / 14.04 / 15.10 : firefox vulnerabilities (USN-2917-1)	Nessus	Ubuntu Local Security Checks	critical
89822	Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20160309)	Nessus	Scientific Linux Local Security Checks	critical
89816	Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0373)	Nessus	Oracle Linux Local Security Checks	critical
89792	Debian DSA-3510-1 : iceweasel - security update	Nessus	Debian Local Security Checks	critical
89774	RHEL 5 / 6 / 7 : firefox (RHSA-2016:0373)	Nessus	Red Hat Local Security Checks	critical
89765	FreeBSD : mozilla -- multiple vulnerabilities (2225c5b4-1e5a-44fc-9920-b3201c384a15)	Nessus	FreeBSD Local Security Checks	critical
89763	CentOS 5 / 6 / 7 : firefox (CESA-2016:0373)	Nessus	CentOS Local Security Checks	critical

CVE-2016-1966

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

critical

critical

critical

high

critical

high

critical

critical

critical

critical

critical

critical

critical

high

high

high

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical