CVE-2016-1966

CVSS v3.0 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 1.03 % (84^th)

Affected Products 5

Advisories 14

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-03-13 18:59:15
(8 years ago)
Updated Date: 2019-12-27 16:08:55
(4 years ago)

Affected Products

Mozilla

Opensuse

Opensuse

Oracle

Linux

Configuration #1

		CPE23	From	Up To
	Oracle Linux 5.0	cpe:2.3:o:oracle:linux:5.0
	Oracle Linux 6	cpe:2.3:o:oracle:linux:6
	Oracle Linux 7	cpe:2.3:o:oracle:linux:7

Configuration #2

	CPE23	Up To
Mozilla Firefox 44.0.2 and prior versions	cpe:2.3:a:mozilla:firefox	<= 44.0.2
Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0
Mozilla Firefox Esr 38.0.1	cpe:2.3:a:mozilla:firefox_esr:38.0.1
Mozilla Firefox Esr 38.0.5	cpe:2.3:a:mozilla:firefox_esr:38.0.5
Mozilla Firefox Esr 38.1.0	cpe:2.3:a:mozilla:firefox_esr:38.1.0
Mozilla Firefox Esr 38.1.1	cpe:2.3:a:mozilla:firefox_esr:38.1.1
Mozilla Firefox Esr 38.2.0	cpe:2.3:a:mozilla:firefox_esr:38.2.0
Mozilla Firefox Esr 38.2.1	cpe:2.3:a:mozilla:firefox_esr:38.2.1
Mozilla Firefox Esr 38.3.0	cpe:2.3:a:mozilla:firefox_esr:38.3.0
Mozilla Firefox Esr 38.4.0	cpe:2.3:a:mozilla:firefox_esr:38.4.0
Mozilla Firefox Esr 38.5.0	cpe:2.3:a:mozilla:firefox_esr:38.5.0
Mozilla Firefox Esr 38.5.1	cpe:2.3:a:mozilla:firefox_esr:38.5.1
Mozilla Firefox Esr 38.6.0	cpe:2.3:a:mozilla:firefox_esr:38.6.0
Mozilla Firefox Esr 38.6.1	cpe:2.3:a:mozilla:firefox_esr:38.6.1
Mozilla Thunderbird 38.6.0 and prior versions	cpe:2.3:a:mozilla:thunderbird	<= 38.6.0

Configuration #3

		CPE23	From	Up To
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1