| # | field | value |
|---|---|---|
| 0 | url | VCID-1bx2-4ka7-w3cr |
| 0 | vulnerability_id | VCID-1bx2-4ka7-w3cr |
| 0 | summary | The CESG, the Information Security Arm of GCHQ, reported a dangling pointer dereference within the Netscape Plugin Application Programming Interface (NPAPI) that could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted NPAPI plugin in concert with scripted web content, resulting in a potentially exploitable crash when triggered. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| 0 | references | |
| 0 | fixed_packages | |
| 0 | aliases | CVE-2016-1966 |
| 0 | risk_score | null |
| 0 | exploitability | null |
| 0 | weighted_severity | null |
| 0 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-1bx2-4ka7-w3cr |
| 1 | url | VCID-2pb1-uy1v-vuf1 |
| 1 | vulnerability_id | VCID-2pb1-uy1v-vuf1 |
| 1 | summary | Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. |
| 1 | references | |
| 1 | fixed_packages | |
| 1 | aliases | CVE-2016-1952 |
| 1 | risk_score | null |
| 1 | exploitability | null |
| 1 | weighted_severity | null |
| 1 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-2pb1-uy1v-vuf1 |
| 2 | url | VCID-4hgx-k5jn-ckeu |
| 2 | vulnerability_id | VCID-4hgx-k5jn-ckeu |
| 2 | summary | Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious Graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed Graphite fonts. To address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been updated to Graphite 2 version 1.3.6. |
| 2 | references | |
| 2 | fixed_packages | |
| 2 | aliases | CVE-2016-1977 |
| 2 | risk_score | null |
| 2 | exploitability | null |
| 2 | weighted_severity | null |
| 2 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu |
| 3 | url | VCID-9wc3-cjef-3ucq |
| 3 | vulnerability_id | VCID-9wc3-cjef-3ucq |
| 3 | summary | Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. This issue has been addressed in the NSS releases shipping on affected Mozilla products: |
| 3 | references | |
| 3 | fixed_packages | |
| 3 | aliases | CVE-2016-1950 |
| 3 | risk_score | null |
| 3 | exploitability | null |
| 3 | weighted_severity | null |
| 3 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq |
| 4 | url | VCID-b1zu-35mw-jkdg |
| 4 | vulnerability_id | VCID-b1zu-35mw-jkdg |
| 4 | summary | Security researchers Jose Martinez and Romina Santillan reported a memory leak in the libstagefright library when array destruction occurs during MPEG4 video file processing. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| 4 | references | |
| 4 | fixed_packages | |
| 4 | aliases | CVE-2016-1957 |
| 4 | risk_score | null |
| 4 | exploitability | null |
| 4 | weighted_severity | null |
| 4 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg |
| 5 | url | VCID-cr9v-b95v-eyha |
| 5 | vulnerability_id | VCID-cr9v-b95v-eyha |
| 5 | summary | Security researcher Ronald Crane reported an out-of-bounds read following a failed allocation in the HTML parser while working with Unicode strings. This can also affect the parsing of XML and SVG format data. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| 5 | references | |
| 5 | fixed_packages | |
| 5 | aliases | CVE-2016-1974 |
| 5 | risk_score | null |
| 5 | exploitability | null |
| 5 | weighted_severity | null |
| 5 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha |
| 6 | url | VCID-dhjd-31cm-1fh6 |
| 6 | vulnerability_id | VCID-dhjd-31cm-1fh6 |
| 6 | summary | Security researcher ca0nguyen, working with HP's Zero Day Initiative, reported a use-after-free issue in the HTML5 string parser when parsing a particular set of table-related tags in a foreign fragment context such as SVG. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| 6 | references | |
| 6 | fixed_packages | |
| 6 | aliases | CVE-2016-1960 |
| 6 | risk_score | null |
| 6 | exploitability | null |
| 6 | weighted_severity | null |
| 6 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6 |
| 7 | url | VCID-dxam-cewh-63dt |
| 7 | vulnerability_id | VCID-dxam-cewh-63dt |
| 7 | summary | Security researcher Nicolas Golubovic reported that a malicious page can overwrite files on the user's machine using Content Security Policy (CSP) violation reports. The file contents are restricted to the JSON format of the report. In many cases overwriting a local file may simply be destructive, breaking the functionality of that file. The CSP error reports can include HTML fragments which could be rendered by browsers. If a user has disabled add-on signing and has installed an "unpacked" add-on, a malicious page could overwrite one of the add-on resources. Depending on how this resource is used, this could lead to privilege escalation. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| 7 | references | |
| 7 | fixed_packages | |
| 7 | aliases | CVE-2016-1954 |
| 7 | risk_score | null |
| 7 | exploitability | null |
| 7 | weighted_severity | null |
| 7 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt |
| 8 | url | VCID-jr76-2aht-uqb2 |
| 8 | vulnerability_id | VCID-jr76-2aht-uqb2 |
| 8 | summary | Security researcher lokihardt, working with HP's Zero Day Initiative, reported a use-after-free issue in the SetBody function of HTMLDocument. This results in a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| 8 | references | |
| 8 | fixed_packages | |
| 8 | aliases | CVE-2016-1961 |
| 8 | risk_score | null |
| 8 | exploitability | null |
| 8 | weighted_severity | null |
| 8 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2 |
| 9 | url | VCID-mxj9-cgmx-zkg9 |
| 9 | vulnerability_id | VCID-mxj9-cgmx-zkg9 |
| 9 | summary | Security researcher Nicolas Grégoire used the Address Sanitizer to find a use-after-free during XML transformation operations. This results in a potentially exploitable crash triggerable by web content. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| 9 | references | |
| 9 | fixed_packages | |
| 9 | aliases | CVE-2016-1964 |
| 9 | risk_score | null |
| 9 | exploitability | null |
| 9 | weighted_severity | null |
| 9 | resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9 |