1. Home
  2. Vulnerabilities
  3. CVE-2016-1960

CVE-2016-1960

CVSS v3.0 8.8 (High)
88% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 96.26 % (100th)
96.26% Progress
Affected Products 7
Advisories 16
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2016-03-13 18:59:09
(8 years ago)
Updated Date
2019-12-27 16:08:55
(4 years ago)

Affected Products

Mozilla

Opensuse

Oracle

Suse

Configuration #1

    CPE23 From Up To
  Oracle Linux 5.0 cpe:2.3:o:oracle:linux:5.0
  Oracle Linux 6 cpe:2.3:o:oracle:linux:6
  Oracle Linux 7 cpe:2.3:o:oracle:linux:7

Configuration #2

    CPE23 From Up To
  Mozilla Firefox 44.0.2 and prior versions cpe:2.3:a:mozilla:firefox <= 44.0.2
  Mozilla Firefox Esr 38.0 cpe:2.3:a:mozilla:firefox_esr:38.0
  Mozilla Firefox Esr 38.0.1 cpe:2.3:a:mozilla:firefox_esr:38.0.1
  Mozilla Firefox Esr 38.0.5 cpe:2.3:a:mozilla:firefox_esr:38.0.5
  Mozilla Firefox Esr 38.1.0 cpe:2.3:a:mozilla:firefox_esr:38.1.0
  Mozilla Firefox Esr 38.1.1 cpe:2.3:a:mozilla:firefox_esr:38.1.1
  Mozilla Firefox Esr 38.2.0 cpe:2.3:a:mozilla:firefox_esr:38.2.0
  Mozilla Firefox Esr 38.2.1 cpe:2.3:a:mozilla:firefox_esr:38.2.1
  Mozilla Firefox Esr 38.3.0 cpe:2.3:a:mozilla:firefox_esr:38.3.0
  Mozilla Firefox Esr 38.4.0 cpe:2.3:a:mozilla:firefox_esr:38.4.0
  Mozilla Firefox Esr 38.5.0 cpe:2.3:a:mozilla:firefox_esr:38.5.0
  Mozilla Firefox Esr 38.5.1 cpe:2.3:a:mozilla:firefox_esr:38.5.1
  Mozilla Firefox Esr 38.6.0 cpe:2.3:a:mozilla:firefox_esr:38.6.0
  Mozilla Firefox Esr 38.6.1 cpe:2.3:a:mozilla:firefox_esr:38.6.1
  Mozilla Thunderbird 38.6.0 and prior versions cpe:2.3:a:mozilla:thunderbird <= 38.6.0

Configuration #3

    CPE23 From Up To
  Opensuse Leap 42.1 cpe:2.3:o:opensuse:leap:42.1
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1
  Opensuse 13.2 cpe:2.3:o:opensuse:opensuse:13.2
  Suse Linux Enterprise 12.0 cpe:2.3:o:suse:linux_enterprise:12.0