VDB
CVE-2016-1960
CVE-2016-1960
PUBLISHED
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
EPSS 86.45% · 99.4th percentile
Risk Scores
EPSS Score
86.45%
99.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | firefox | 40.0.3+build1-0ubuntu0.14.04.1, 30.0+build1-0ubuntu0.14.04.3, 31.0+build1-0ubuntu0.14.04.1 |
| Ubuntu:14.04:LTS | thunderbird | 0, 1:24.2.0+build1-0ubuntu1, 1:24.5.0+build1-0ubuntu0.14.04.1 |
| Ubuntu:16.04:LTS | thunderbird | 1:38.5.1+build2-0ubuntu1, 1:38.6.0+build1-0ubuntu1, 0 |
Exploit Intelligence
- 44294 (cve.org)
- 42484 (cve.org)
- Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Exploit (0day-today)
- Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Exploit (0day-today)
- Mozilla Firefox < 45.0 - nsHtml5TreeBuilder Use-After-Free (EMET 5.52 Bypass) Exploit (0day-today)
- Mozilla Firefox < 45.0 - nsHtml5TreeBuilder Use-After-Free (EMET 5.52 Bypass) Exploit (0day-today)
Timeline
- Mar 8, 2016 CVE Published
- Aug 18, 2017 PoC Published
- Mar 16, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-1960 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/ third-party-advisory
- https://ubuntu.com/security/notices/USN-2917-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2934-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-1960 third-party-advisory