Details of VAR-201601-0551

ID

VAR-201601-0551

CVE

CVE-2016-1941

TITLE

Mac OS X Run on Mozilla Firefox Vulnerable to a clickjacking attack in the file download dialog

Trust: 0.8

sources: JVNDB: JVNDB-2016-001357

DESCRIPTION

The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. Mozilla Firefox is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. This issue is fixed in: Firefox 44. Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the file-download dialog in Mozilla Firefox prior to 44.0 on OS X. The vulnerability is caused by the short interval between the dialog gaining focus and the button being available. Remote attackers can use specially crafted Web sites to exploit this vulnerability to carry out clickjacking attacks. From: Yury German <blueknight@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <916540f6-4310-774b-bd6f-8f60d477da02@gentoo.org> Subject: [ GLSA 201605-06 ] Mozilla Products: Multiple vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201605-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Products: Multiple vulnerabilities Date: May 31, 2016 Bugs: #549356, #557590, #559186, #561246, #563230, #564834, #573074, #574596, #576862 ID: 201605-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. Background ========== Mozilla Firefox is an open-source web browser, Mozilla Thunderbird an open-source email client, and the Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/nspr < 4.12 >= 4.12 2 dev-libs/nss < 3.22.2 >= 3.22.2 3 mail-client/thunderbird < 38.7.0 >= 38.7.0 4 mail-client/thunderbird-bin < 38.7.0 >= 38.7.0 5 www-client/firefox < 38.7.0 >= 38.7.0 6 www-client/firefox-bin < 38.7.0 >= 38.7.0 ------------------------------------------------------------------- 6 affected packages Description =========== Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2" All Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"= All users of the Thunderbird binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.7.0" All Firefox 38.7.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0" All users of the Firefox 38.7.x binary package should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0" References ========== [ 1 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708 [ 2 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708 [ 3 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709 [ 4 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709 [ 5 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710 [ 6 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710 [ 7 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711 [ 8 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711 [ 9 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712 [ 10 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712 [ 11 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713 [ 12 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713 [ 13 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714 [ 14 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714 [ 15 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715 [ 16 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715 [ 17 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716 [ 18 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716 [ 19 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717 [ 20 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717 [ 21 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718 [ 22 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718 [ 23 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473 [ 24 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473 [ 25 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474 [ 26 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474 [ 27 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475 [ 28 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475 [ 29 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477 [ 30 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477 [ 31 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478 [ 32 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478 [ 33 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479 [ 34 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479 [ 35 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480 [ 36 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480 [ 37 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481 [ 38 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481 [ 39 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482 [ 40 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482 [ 41 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483 [ 42 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483 [ 43 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484 [ 44 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484 [ 45 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485 [ 46 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485 [ 47 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486 [ 48 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486 [ 49 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487 [ 50 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487 [ 51 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488 [ 52 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488 [ 53 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489 [ 54 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489 [ 55 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490 [ 56 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490 [ 57 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491 [ 58 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491 [ 59 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492 [ 60 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492 [ 61 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493 [ 62 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493 [ 63 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181 [ 64 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182 [ 65 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183 [ 66 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523 [ 67 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523 [ 68 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930 [ 69 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930 [ 70 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931 [ 71 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931 [ 72 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933 [ 73 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933 [ 74 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935 [ 75 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935 [ 76 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937 [ 77 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937 [ 78 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 79 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 80 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939 [ 81 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939 [ 82 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940 [ 83 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940 [ 84 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941 [ 85 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941 [ 86 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942 [ 87 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942 [ 88 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943 [ 89 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943 [ 90 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944 [ 91 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944 [ 92 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945 [ 93 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945 [ 94 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946 [ 95 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946 [ 96 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947 [ 97 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947 [ 98 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948 [ 99 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948 [ 100 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949 [ 101 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949 [ 102 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950 [ 103 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950 [ 104 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952 [ 105 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952 [ 106 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953 [ 107 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953 [ 108 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954 [ 109 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954 [ 110 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955 [ 111 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955 [ 112 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956 [ 113 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956 [ 114 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957 [ 115 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957 [ 116 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958 [ 117 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958 [ 118 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959 [ 119 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959 [ 120 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960 [ 121 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960 [ 122 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961 [ 123 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961 [ 124 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962 [ 125 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962 [ 126 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963 [ 127 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963 [ 128 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964 [ 129 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964 [ 130 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965 [ 131 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965 [ 132 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966 [ 133 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966 [ 134 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967 [ 135 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967 [ 136 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968 [ 137 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968 [ 138 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969 [ 139 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969 [ 140 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970 [ 141 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970 [ 142 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971 [ 143 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971 [ 144 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972 [ 145 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972 [ 146 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973 [ 147 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973 [ 148 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974 [ 149 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974 [ 150 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975 [ 151 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975 [ 152 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976 [ 153 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976 [ 154 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977 [ 155 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977 [ 156 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978 [ 157 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978 [ 158 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979 [ 159 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979 [ 160 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790 [ 161 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790 [ 162 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791 [ 163 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791 [ 164 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792 [ 165 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792 [ 166 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793 [ 167 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793 [ 168 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794 [ 169 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794 [ 170 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795 [ 171 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795 [ 172 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796 [ 173 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796 [ 174 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797 [ 175 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797 [ 176 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798 [ 177 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798 [ 178 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799 [ 179 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799 [ 180 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800 [ 181 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800 [ 182 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801 [ 183 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801 [ 184 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802 [ 185 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201605-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --Bs4bwglUWSbluQjJQQ051Q7fVoU1XxLw6

Trust: 2.07

sources: NVD: CVE-2016-1941 // JVNDB: JVNDB-2016-001357 // BID: 81958 // VULHUB: VHN-90760 // PACKETSTORM: 137239

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	*	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lte	version:	43.0.4	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lt	version:	44.0	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	-	version:	-	Trust: 0.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	18.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	9.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	26.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	25.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.23	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	8.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	28.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	11.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	14.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	36.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	16.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	19.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	30.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	14.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	20.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	37.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.26	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	43	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	12.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.27	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	23.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	34.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	5.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	32.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	21.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	14.01	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	39.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	38	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	22.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.4.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	31.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	28.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	6.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	13.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	15.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	31.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	15.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	37.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	25.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	ne	version:	44	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.28	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.20	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	19.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	29.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	43.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	36.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.020	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	16.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	40	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	41.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	39	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	33	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	24.1.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	43.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	35	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.14	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	41	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	31.1.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.18	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	16.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	27.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	37	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.10.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.25	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	36	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	27.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	20.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	35.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.17	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	32.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	18.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	23.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	34	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	13.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	24.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	18.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.11	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.12	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.0.13	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	2.0.0.15	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.24	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.21	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	7.0	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.9.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	6	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.4	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.22	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.9	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.16	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	42	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.3	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	17.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.6.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.5.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	10.0.7	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.19	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	19.0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.5.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	1.0.5	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	3.0.10	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.6.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	0.2	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	29.0.1	Trust: 0.3
vendor:	mozilla	model:	firefox	scope:	eq	version:	24.1	Trust: 0.3

sources: BID: 81958 // JVNDB: JVNDB-2016-001357 // CNNVD: CNNVD-201601-707 // NVD: CVE-2016-1941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1941
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1941
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201601-707
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90760
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1941
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90760
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1941
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90760 // JVNDB: JVNDB-2016-001357 // CNNVD: CNNVD-201601-707 // NVD: CVE-2016-1941

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-90760 // JVNDB: JVNDB-2016-001357 // NVD: CVE-2016-1941

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 137239 // CNNVD: CNNVD-201601-707

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201601-707

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001357

PATCH

title:	MFSA2016-08	url:	http://www.mozilla.org/security/announce/2015/mfsa2016-08.html	Trust: 0.8
title:	MFSA2016-08	url:	http://www.mozilla-japan.org/security/announce/2016/mfsa2016-08.html	Trust: 0.8
title:	Mozilla Firefox file-download Fixes for dialog security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60004	Trust: 0.6

sources: JVNDB: JVNDB-2016-001357 // CNNVD: CNNVD-201601-707

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1941	Trust: 2.9
db:	SECTRACK	id:	1034825	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001357	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-707	Trust: 0.7
db:	BID	id:	81958	Trust: 0.4
db:	VULHUB	id:	VHN-90760	Trust: 0.1
db:	PACKETSTORM	id:	137239	Trust: 0.1

sources: VULHUB: VHN-90760 // BID: 81958 // JVNDB: JVNDB-2016-001357 // PACKETSTORM: 137239 // CNNVD: CNNVD-201601-707 // NVD: CVE-2016-1941

REFERENCES

url:	http://www.mozilla.org/security/announce/2016/mfsa2016-08.html	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1116385	Trust: 1.7
url:	https://security.gentoo.org/glsa/201605-06	Trust: 1.2
url:	http://www.securitytracker.com/id/1034825	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1941	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1941	Trust: 0.8
url:	http://www.mozilla.com/en-us/	Trust: 0.3
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2016-08/	Trust: 0.3
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4485	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2802	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1950	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4488	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4492	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1935	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7182	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1931	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1972	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1933	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4483	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4479	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1963	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1960	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4485	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1940	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1939	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2713	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2711	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2718	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1969	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4489	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2796	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4481	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2709	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4477	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1966	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1975	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1946	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2710	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2714	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1523	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4477	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4483	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4473	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1959	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1948	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2716	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4480	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2712	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4475	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2712	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1977	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4479	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2792	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4478	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4486	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2800	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1930	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2715	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4487	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2708	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2713	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1938	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1957	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4493	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4488	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1956	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2717	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4478	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4489	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4473	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1962	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2714	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2710	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1941	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1970	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1978	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2709	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2793	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1945	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4486	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4482	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1953	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2711	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4474	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4490	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1958	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1961	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4482	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4484	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1968	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2799	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1947	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1967	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4475	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2791	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1964	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4484	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1937	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2716	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1979	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1943	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1965	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4487	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4490	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1954	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1955	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1976	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2794	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2795	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1973	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4480	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1952	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4491	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2708	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4474	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1974	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2797	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2798	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1944	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4481	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2715	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1949	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2801	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2717	Trust: 0.1

sources: VULHUB: VHN-90760 // BID: 81958 // JVNDB: JVNDB-2016-001357 // PACKETSTORM: 137239 // CNNVD: CNNVD-201601-707 // NVD: CVE-2016-1941

CREDITS

Jordi Chancel

Trust: 0.3

sources: BID: 81958

SOURCES

db:	VULHUB	id:	VHN-90760
db:	BID	id:	81958
db:	JVNDB	id:	JVNDB-2016-001357
db:	PACKETSTORM	id:	137239
db:	CNNVD	id:	CNNVD-201601-707
db:	NVD	id:	CVE-2016-1941

LAST UPDATE DATE

2025-04-13T22:50:39.731000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90760	date:	2017-09-10T00:00:00
db:	BID	id:	81958	date:	2016-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2016-001357	date:	2016-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201601-707	date:	2016-02-01T00:00:00
db:	NVD	id:	CVE-2016-1941	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90760	date:	2016-01-31T00:00:00
db:	BID	id:	81958	date:	2016-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2016-001357	date:	2016-02-12T00:00:00
db:	PACKETSTORM	id:	137239	date:	2016-05-31T13:33:03
db:	CNNVD	id:	CNNVD-201601-707	date:	2016-01-31T00:00:00
db:	NVD	id:	CVE-2016-1941	date:	2016-01-31T18:59:07.810