CVE-2016-9063

critical

Description

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

References

http://www.securityfocus.com/bid/94337

http://www.securitytracker.com/id/1037298

http://www.securitytracker.com/id/1039427

https://bugzilla.mozilla.org/show_bug.cgi?id=1274777

https://www.debian.org/security/2017/dsa-3898

https://www.mozilla.org/security/advisories/mfsa2016-89/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-07-30

Type: CWE-190

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

ID | Name | Product | Family | Severity
135607 | EulerOS Virtualization 3.0.2.2 : expat (EulerOS-SA-2020-1445) | Nessus | Huawei Local Security Checks | critical
134506 | EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2020-1217) | Nessus | Huawei Local Security Checks | critical
134106 | SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2020:0497-1) | Nessus | SuSE Local Security Checks | critical
131587 | EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-2433) | Nessus | Huawei Local Security Checks | critical
130854 | EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-2145) | Nessus | Huawei Local Security Checks | critical
130718 | EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2256) | Nessus | Huawei Local Security Checks | critical
130450 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2872-1) | Nessus | SuSE Local Security Checks | critical
700542 | Apple iOS < 11.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical
700511 | macOS < 10.13 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical
110934 | FreeBSD : expat -- multiple vulnerabilities (e375ff3f-7fec-11e8-8088-28d244aee256) | Nessus | FreeBSD Local Security Checks | critical
109594 | FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219) | Nessus | FreeBSD Local Security Checks | critical
109583 | Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01) | Nessus | Slackware Local Security Checks | critical
103796 | FreeBSD : Python 2.7 -- multiple vulnerabilities (9164f51e-ae20-11e7-a633-009c02a2ab30) | Nessus | FreeBSD Local Security Checks | critical
103598 | macOS < 10.13 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical
103424 | Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2017-266-02) | Nessus | Slackware Local Security Checks | critical
103420 | Apple iOS < 11 Multiple Vulnerabilities | Nessus | Mobile Devices | critical
102989 | SUSE SLES11 Security Update : expat (SUSE-SU-2017:2375-1) | Nessus | SuSE Local Security Checks | critical
102946 | openSUSE Security Update : expat (openSUSE-2017-993) | Nessus | SuSE Local Security Checks | critical
102854 | SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:2299-1) | Nessus | SuSE Local Security Checks | critical
101578 | Fedora 26 : expat (2017-18601ad5d2) | Nessus | Fedora Local Security Checks | critical
101509 | Fedora 24 : expat (2017-a44f9aa38b) | Nessus | Fedora Local Security Checks | critical
101499 | Fedora 25 : expat (2017-2c5635cd97) | Nessus | Fedora Local Security Checks | critical
101035 | Debian DSA-3898-1 : expat - security update | Nessus | Debian Local Security Checks | critical
95590 | openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407) | Nessus | SuSE Local Security Checks | critical
9804 | Mozilla Firefox < 50.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
95025 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3124-1) | Nessus | Ubuntu Local Security Checks | critical
95022 | openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334) | Nessus | SuSE Local Security Checks | critical
94960 | Mozilla Firefox < 50.0 Multiple Vulnerabilities | Nessus | Windows | critical
94958 | Mozilla Firefox < 50.0 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical
94904 | FreeBSD : mozilla -- multiple vulnerabilities (d1853110-07f4-4645-895b-6fd462ad0589) | Nessus | FreeBSD Local Security Checks | critical