CVE-2016-9063: Integer Overflow
First published: Tue Nov 15 2016(Updated: )
An integer overflow during the parsing of XML using the Expat library.
Credit: CVE-2016-9063 CVE-2017-9233 CVE-2016-9063 CVE-2017-9233 CVE-2016-9063 CVE-2017-9233 CVE-2016-9063 CVE-2017-9233 security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <50 | 50 |
| <50 | 50 | |
| Apple iOS | <11 | 11 |
| Apple tvOS | <11 | 11 |
| Apple watchOS | <4 | 4 |
| Apple macOS High Sierra | <10.13 | 10.13 |
| Mozilla Firefox | <50 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Python Python | >=2.7.0<2.7.15 | |
| Python Python | >=3.3.0<3.3.7 | |
| Python Python | >=3.4.0<3.4.7 | |
| Python Python | >=3.5.0<3.5.4 | |
| Python Python | >=3.6.0<3.6.2 | |
| debian/expat | 2.2.6-2+deb10u4 2.2.6-2+deb10u6 2.2.10-2+deb11u5 2.5.0-1 2.5.0-2 | |
| debian/firefox | 118.0.2-1 | |
| debian/firefox-esr | 91.12.0esr-1~deb10u1 115.3.1esr-1~deb10u1 102.15.0esr-1~deb11u1 115.3.1esr-1~deb11u1 102.15.1esr-1~deb12u1 115.3.0esr-1~deb12u1 115.3.0esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208112 (Advisory)
- https://support.apple.com/en-us/HT208113 (Advisory)
- https://support.apple.com/en-us/HT208115 (Advisory)
- https://support.apple.com/en-us/HT208144 (Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1274777
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/
- http://www.securityfocus.com/bid/94337
- http://www.securitytracker.com/id/1037298
- http://www.securitytracker.com/id/1039427
- https://www.debian.org/security/2017/dsa-3898
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20
- https://security-tracker.debian.org/tracker/CVE-2016-9063
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-13832
- CVE-2016-0736
- CVE-2016-2161
- CVE-2016-5387
- CVE-2016-8740
- CVE-2016-8743
- CVE-2017-13909
- CVE-2017-13809
- CVE-2017-7084
- CVE-2017-7074
- CVE-2017-13820
- CVE-2017-13807
- CVE-2017-7143
- CVE-2017-13829
- CVE-2017-13833
- CVE-2017-7083
- CVE-2017-13821
- CVE-2017-0381
- CVE-2017-13825
- CVE-2017-13890
- CVE-2017-13851
- CVE-2017-7138
- CVE-2017-7121
- CVE-2017-7122
- CVE-2017-7123
- CVE-2017-7124
- CVE-2017-7125
- CVE-2017-7126
- CVE-2017-13815
- CVE-2017-13828
- CVE-2017-13811
- CVE-2017-13835
- CVE-2017-11103
- CVE-2017-13819
- CVE-2017-13830
- CVE-2017-13814
- CVE-2017-13831
- CVE-2017-13837
- CVE-2017-13906
- CVE-2017-7077
- CVE-2017-7119
- CVE-2017-7114
- CVE-2017-13810
- CVE-2017-13817
- CVE-2017-13818
- CVE-2017-13836
- CVE-2017-13841
- CVE-2017-13840
- CVE-2017-13842
- CVE-2017-13782
- CVE-2017-13843
- CVE-2017-13854
- CVE-2017-13834
- CVE-2017-13873
- CVE-2017-13827
- CVE-2017-13813
- CVE-2017-13816
- CVE-2017-13812
- CVE-2016-4736
- CVE-2017-7086
- CVE-2017-1000373
- CVE-2016-9063
- CVE-2017-9233
- CVE-2018-4302
- CVE-2017-5130
- CVE-2017-7376
- CVE-2017-9050
- CVE-2017-9049
- CVE-2017-7141
- CVE-2017-7078
- CVE-2017-6451
- CVE-2017-6452
- CVE-2017-6455
- CVE-2017-6458
- CVE-2017-6459
- CVE-2017-6460
- CVE-2017-6462
- CVE-2017-6463
- CVE-2017-6464
- CVE-2016-9042
- CVE-2017-13824
- CVE-2017-13846
- CVE-2017-10140
- CVE-2017-13822
- CVE-2017-7132
- CVE-2017-13823
- CVE-2017-13808
- CVE-2017-13838
- CVE-2017-7082
- CVE-2017-7080
- CVE-2017-13908
- CVE-2017-13839
- CVE-2017-13910
- CVE-2017-10989
- CVE-2017-7128
- CVE-2017-7129
- CVE-2017-7130
- CVE-2017-7127
- CVE-2016-9840
- CVE-2016-9841
- CVE-2016-9842
- CVE-2016-9843
- CVE-2017-7103
- CVE-2017-7105
- CVE-2017-7108
- CVE-2017-7110
- CVE-2017-7112
- CVE-2017-7116
- CVE-2017-7081
- CVE-2017-7087
- CVE-2017-7091
- CVE-2017-7092
- CVE-2017-7093
- CVE-2017-7094
- CVE-2017-7095
- CVE-2017-7096
- CVE-2017-7098
- CVE-2017-7099
- CVE-2017-7100
- CVE-2017-7102
- CVE-2017-7104
- CVE-2017-7107
- CVE-2017-7111
- CVE-2017-7117
- CVE-2017-7120
- CVE-2017-7090
- CVE-2017-7109
- CVE-2017-11120
- CVE-2017-11121
- CVE-2017-7115
- CVE-2017-11122
- CVE-2017-13863
- CVE-2017-7131
- CVE-2017-7088
- CVE-2017-7072
- CVE-2017-7140
- CVE-2017-7148
- CVE-2017-7097
- CVE-2017-7118
- CVE-2017-7133
- CVE-2017-7075
- CVE-2017-7139
- CVE-2017-13806
- CVE-2017-7085
- CVE-2017-13877
- CVE-2017-7146
- CVE-2017-6211
- CVE-2017-7145
- CVE-2017-7089
- CVE-2017-7106
- CVE-2017-7144
- CVE-2017-7142
- CVE-2016-5296
- CVE-2016-5292
- CVE-2016-5293
- CVE-2016-5294
- CVE-2016-5297
- CVE-2016-9064
- CVE-2016-9065
- CVE-2016-9066
- CVE-2016-9067
- CVE-2016-9068
- CVE-2016-9072
- CVE-2016-9075
- CVE-2016-9077
- CVE-2016-5291
- CVE-2016-5295
- CVE-2016-5298
- CVE-2016-5299
- CVE-2016-9061
- CVE-2016-9062
- CVE-2016-9070
- CVE-2016-9073
- CVE-2016-9074
- CVE-2016-9076
- CVE-2016-9071
- CVE-2016-5289
- CVE-2016-5290
Frequently Asked Questions
What is CVE-2016-9063?
CVE-2016-9063 is a vulnerability that involves an integer overflow during the parsing of XML using the Expat library.
Which software is affected by CVE-2016-9063?
Firefox versions prior to 50, Mozilla Firefox, Debian Linux 8.0, Debian Linux 9.0, Debian Linux 10.0, Python 2.7.0 to 2.7.15, Python 3.3.0 to 3.3.7, Python 3.4.0 to 3.4.7, Python 3.5.0 to 3.5.4, Python 3.6.0 to 3.6.2, macOS High Sierra (up to version 10.13), iOS (up to version 11), tvOS (up to version 11), and watchOS (up to version 4) are affected by this vulnerability.
What is the severity of CVE-2016-9063?
CVE-2016-9063 has a severity keyword of 'critical' and a severity value of 9.8.
How do I fix CVE-2016-9063 in Firefox?
To fix CVE-2016-9063 in Firefox, update to version 50 or later.
How do I fix CVE-2016-9063 in the Expat library?
To fix CVE-2016-9063 in the Expat library, update to version 2.2.1 or later.
- collector/security-tracker-debian
- collector/apple-support
- alias/CVE-2017-9233
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/software-canonical-lookup-request
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/apple
- canonical/apple macos high sierra
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- vendor/mozilla
- canonical/mozilla firefox
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/python
- canonical/python python
- version/python python/2.7.0
- version/python python/3.3.0
- version/python python/3.4.0
- version/python python/3.5.0
- version/python python/3.6.0