CVE-2016-1947
First published: Sun Jan 31 2016(Updated: )
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =15.04 | |
| Ubuntu Linux | =15.10 | |
| openSUSE | =42.1 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| Mozilla Firefox | =43.0 | |
| Mozilla Firefox | =43.0.1 | |
| Mozilla Firefox | =43.0.2 | |
| Mozilla Firefox | =43.0.3 | |
| Mozilla Firefox | =43.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-11.html
- http://www.securityfocus.com/bid/81949
- http://www.securitytracker.com/id/1034825
- http://www.ubuntu.com/usn/USN-2880-1
- http://www.ubuntu.com/usn/USN-2880-2
- https://bugzilla.mozilla.org/show_bug.cgi?id=1237103
- https://security.gentoo.org/glsa/201605-06
Frequently Asked Questions
What is the severity of CVE-2016-1947?
CVE-2016-1947 is classified as a moderate severity vulnerability.
How do I fix CVE-2016-1947?
To mitigate CVE-2016-1947, update your Mozilla Firefox to version 43.0.4 or later.
What software is affected by CVE-2016-1947?
CVE-2016-1947 affects Mozilla Firefox versions 43.0 to 43.0.4 and specific versions of Ubuntu and openSUSE.
What type of attack does CVE-2016-1947 enable?
CVE-2016-1947 allows remote attackers to unintentionally trigger downloads by exploiting the lack of reputation data.
Is CVE-2016-1947 specific to any operating system?
Yes, CVE-2016-1947 affects users on Ubuntu and openSUSE platforms running vulnerable versions of Firefox.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- version/ubuntu linux/15.04
- version/ubuntu linux/15.10
- vendor/opensuse
- canonical/opensuse
- version/opensuse/42.1
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/43.0
- version/mozilla firefox/43.0.1
- version/mozilla firefox/43.0.2
- version/mozilla firefox/43.0.3
- version/mozilla firefox/43.0.4