ByteOS Network

NVD Vulnerability Details :

CVE-2016-1962

Deferred

Source-security@mozilla.org

Published At-13 Mar, 2016 | 18:59

Updated At-12 Apr, 2025 | 10:46

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Mozilla Corporation

>>firefox>>Versions up to 44.0.2(inclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.0

cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.0.1

cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.0.5

cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.1.0

cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.1.1

cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.2.0

cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.2.1

cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.3.0

cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.4.0

cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.5.0

cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.5.1

cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.6.0

cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>38.6.1

cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*

openSUSE

>>opensuse>>13.1

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Oracle Corporation

>>linux>>5.0

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

Oracle Corporation

>>linux>>6

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

Oracle Corporation

>>linux>>7

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

Evaluator Description

CWE-416: Use After Free

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html	security@mozilla.org	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html	security@mozilla.org	N/A
http://www.debian.org/security/2016/dsa-3510	security@mozilla.org	N/A
http://www.debian.org/security/2016/dsa-3520	security@mozilla.org	N/A
http://www.mozilla.org/security/announce/2016/mfsa2016-25.html	security@mozilla.org	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	security@mozilla.org	Third Party Advisory
http://www.securitytracker.com/id/1035215	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2917-1	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2917-2	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2917-3	security@mozilla.org	N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1240760	security@mozilla.org	Issue Tracking
https://security.gentoo.org/glsa/201605-06	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2016/dsa-3510	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2016/dsa-3520	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mozilla.org/security/announce/2016/mfsa2016-25.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.securitytracker.com/id/1035215	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2917-1	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2917-2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2917-3	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1240760	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking
https://security.gentoo.org/glsa/201605-06	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History