CVE-2016-1962

CVSS v3.0 9.8 (Critical)

CVSS v2.0 10 (High)

EPSS 1.02 % (84^th)

Affected Products 4

Advisories 11

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-03-13 18:59:11
(8 years ago)
Updated Date: 2019-12-27 16:08:55
(4 years ago)

Affected Products

Mozilla

Opensuse

Opensuse

Oracle

Linux

Configuration #1

	CPE23	Up To
Mozilla Firefox 44.0.2 and prior versions	cpe:2.3:a:mozilla:firefox	<= 44.0.2
Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0
Mozilla Firefox Esr 38.0.1	cpe:2.3:a:mozilla:firefox_esr:38.0.1
Mozilla Firefox Esr 38.0.5	cpe:2.3:a:mozilla:firefox_esr:38.0.5
Mozilla Firefox Esr 38.1.0	cpe:2.3:a:mozilla:firefox_esr:38.1.0
Mozilla Firefox Esr 38.1.1	cpe:2.3:a:mozilla:firefox_esr:38.1.1
Mozilla Firefox Esr 38.2.0	cpe:2.3:a:mozilla:firefox_esr:38.2.0
Mozilla Firefox Esr 38.2.1	cpe:2.3:a:mozilla:firefox_esr:38.2.1
Mozilla Firefox Esr 38.3.0	cpe:2.3:a:mozilla:firefox_esr:38.3.0
Mozilla Firefox Esr 38.4.0	cpe:2.3:a:mozilla:firefox_esr:38.4.0
Mozilla Firefox Esr 38.5.0	cpe:2.3:a:mozilla:firefox_esr:38.5.0
Mozilla Firefox Esr 38.5.1	cpe:2.3:a:mozilla:firefox_esr:38.5.1
Mozilla Firefox Esr 38.6.0	cpe:2.3:a:mozilla:firefox_esr:38.6.0
Mozilla Firefox Esr 38.6.1	cpe:2.3:a:mozilla:firefox_esr:38.6.1

Configuration #2

		CPE23	From	Up To
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1

Configuration #3

		CPE23	From	Up To
	Oracle Linux 5.0	cpe:2.3:o:oracle:linux:5.0
	Oracle Linux 6	cpe:2.3:o:oracle:linux:6
	Oracle Linux 7	cpe:2.3:o:oracle:linux:7