CVE-2016-1968

Published: 13/03/2016 Updated: 03/12/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer underflow in Brotli, as used in Mozilla Firefox prior to 45.0, allows remote malicious users to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.

Vulnerable Product

mozilla firefox

Vendor Advisories

Debian Bug report logs - #817233 brotli: CVE-2016-1624 CVE-2016-1968. Package: src:brotli; Maintainer for src:brotli is Tomasz Buchert <tomasz@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 9 Mar 2016 07:54:10 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in vers ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
USN-2917-1 introduced several regressions in Firefox ...
Mozilla Foundation Security Advisory 2016-30: Buffer overflow in Brotli decompression. Announced: March 8, 2016. Reporter: Luke Li. Impact: High. Products: Firefox. Fixed in: Firefox 45 ...

Github Repositories

The repo has been migrated to Bitbucket https://bitbucket.org/dtnse/jbrotli/src/master/ and archived

jBrotli: Java bindings for Brotli, a new compression algorithm for the internet. License. Supported operating systems and architectures: jbrotli provides platform dependent bindings for Google's brotli library. Thus each target platform which is provided here was compiled and tested for the following operating systems and architectures: Windows 7 or newer, x86 64bit; Windows