CVE-2016-1947
Published: 26 January 2016
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
precise |
Released
(44.0+build3-0ubuntu0.12.04.1)
|
| trusty |
Released
(44.0+build3-0ubuntu0.14.04.1)
|
|
| upstream |
Released
(44.0)
|
|
| vivid |
Released
(44.0+build3-0ubuntu0.15.04.1)
|
|
| wily |
Released
(44.0+build3-0ubuntu0.15.10.1)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Not vulnerable
|
|
| vivid |
Not vulnerable
|
|
| wily |
Not vulnerable
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.7 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |