Search for vulnerabilities
Vulnerability details: VCID-fydh-5vcp-tfd6
Vulnerability ID VCID-fydh-5vcp-tfd6
Aliases CVE-2016-1935
Summary Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss 0.00525 https://api.first.org/data/v1/epss?cve=CVE-2016-1935
cvssv2 5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2016-03
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1935.json
https://api.first.org/data/v1/epss?cve=CVE-2016-1935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1301821 https://bugzilla.redhat.com/show_bug.cgi?id=1301821
CVE-2016-1935 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
mfsa2016-03 https://www.mozilla.org/en-US/security/advisories/mfsa2016-03
RHSA-2016:0071 https://access.redhat.com/errata/RHSA-2016:0071
RHSA-2016:0258 https://access.redhat.com/errata/RHSA-2016:0258
USN-2880-1 https://usn.ubuntu.com/2880-1/
USN-2904-1 https://usn.ubuntu.com/2904-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.64713
EPSS Score 0.00495
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:10:14.635709+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2016/mfsa2016-03.md 37.0.0