CVE-2016-1947

CVSS v3.0 4.7 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.47 % (76^th)

Affected Products 4

Advisories 4

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.

Weaknesses

CWE-19: Data Processing Errors

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-01-31 18:59:13
(8 years ago)
Updated Date: 2018-10-30 16:27:35
(5 years ago)

Affected Products

Canonical

Ubuntu Linux

Mozilla

Firefox

Opensuse

Configuration #1

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 15.04	cpe:2.3:o:canonical:ubuntu_linux:15.04
	Canonical Ubuntu Linux 15.10	cpe:2.3:o:canonical:ubuntu_linux:15.10

Configuration #2

		CPE23	From	Up To
	Opensuse Leap 42.1	cpe:2.3:o:opensuse:leap:42.1
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1
	Opensuse 13.2	cpe:2.3:o:opensuse:opensuse:13.2

Configuration #3

		CPE23	From	Up To
	Mozilla Firefox 43.0	cpe:2.3:a:mozilla:firefox:43.0
	Mozilla Firefox 43.0.1	cpe:2.3:a:mozilla:firefox:43.0.1
	Mozilla Firefox 43.0.2	cpe:2.3:a:mozilla:firefox:43.0.2
	Mozilla Firefox 43.0.3	cpe:2.3:a:mozilla:firefox:43.0.3
	Mozilla Firefox 43.0.4	cpe:2.3:a:mozilla:firefox:43.0.4