Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html | Third Party Advisory |
http://www.mozilla.org/security/announce/2016/mfsa2016-11.html | Vendor Advisory |
http://www.securityfocus.com/bid/81949 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1034825 | |
http://www.ubuntu.com/usn/USN-2880-1 | Third Party Advisory |
http://www.ubuntu.com/usn/USN-2880-2 | Third Party Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1237103 | Issue Tracking Vendor Advisory |
https://security.gentoo.org/glsa/201605-06 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2016-01-31T18:00:00
Updated: 2017-09-09T09:57:01
Reserved: 2016-01-20T00:00:00
Link: CVE-2016-1947
JSON object: View
NVD Information
Status : Modified
Published: 2016-01-31T18:59:13.387
Modified: 2018-10-30T16:27:35.843
Link: CVE-2016-1947
JSON object: View
Redhat Information
No data.
CWE