CyberSec.Space Logo
Back to CVE Browser

CVE-2016-1931

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0620%
EPSS Percentile12.53th
PublishedJan 31, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Firefox

<= 43.0.4
πŸ’»
Opensuse

Leap

= 42.1
πŸ’»
Opensuse

Opensuse

= 13.1
πŸ’»
Opensuse

Opensuse

= 13.2

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
πŸ”— http://www.mozilla.org/security/announce/2016/mfsa2016-01.html
πŸ”— http://www.securityfocus.com/bid/81953
πŸ”— http://www.securitytracker.com/id/1034825
πŸ”— http://www.ubuntu.com/usn/USN-2880-1
πŸ”— http://www.ubuntu.com/usn/USN-2880-2
πŸ”— https://bugzilla.mozilla.org/show_bug.cgi?id=1180064

Related Vulnerabilities

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...