VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-fydh-5vcp-tfd6

Vulnerability ID	VCID-fydh-5vcp-tfd6
Aliases	CVE-2016-1935
Summary	Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. In general this flaw cannot be exploited through email in the Thunderbird product, but is potentially a risk in browser or browser-like contexts.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
epss	0.00495	https://api.first.org/data/v1/epss?cve=CVE-2016-1935
cvssv2	5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2016-03

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1935.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-1935
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1301821		https://bugzilla.redhat.com/show_bug.cgi?id=1301821
CVE-2016-1935		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
mfsa2016-03		https://www.mozilla.org/en-US/security/advisories/mfsa2016-03
RHSA-2016:0071		https://access.redhat.com/errata/RHSA-2016:0071
RHSA-2016:0258		https://access.redhat.com/errata/RHSA-2016:0258
USN-2880-1		https://usn.ubuntu.com/2880-1/
USN-2904-1		https://usn.ubuntu.com/2904-1/

No exploits are available.

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:10:14.635709+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2016/mfsa2016-03.md	37.0.0