{"id":"USN-2936-1","summary":"firefox vulnerabilities","details":"Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,\nMats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,\nAndrew McCreight, and Steve Fink discovered multiple memory safety issues\nin Firefox. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,\nCVE-2016-2807)\n\nAn invalid write was discovered when using the JavaScript .watch() method in\nsome circumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-2808)\n\nLooben Yang discovered a use-after-free and buffer overflow in service\nworkers. If a user were tricked in to opening a specially crafted website,\nan attacker could potentially exploit these to cause a denial of service\nvia application crash, or execute arbitrary code with the privileges of\nthe user invoking Firefox. (CVE-2016-2811, CVE-2016-2812)\n\nSascha Just discovered a buffer overflow in libstagefright in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-2814)\n\nMuneaki Nishimura discovered that CSP is not applied correctly to web\ncontent sent with the multipart/x-mixed-replace MIME type. An attacker\ncould potentially exploit this to conduct cross-site scripting (XSS)\nattacks when they would otherwise be prevented. (CVE-2016-2816)\n\nMuneaki Nishimura discovered that the chrome.tabs.update API for web\nextensions allows for navigation to javascript: URLs. A malicious\nextension could potentially exploit this to conduct cross-site scripting\n(XSS) attacks. (CVE-2016-2817)\n\nMark Goodwin discovered that about:healthreport accepts certain events\nfrom any content present in the remote-report iframe. If another\nvulnerability allowed the injection of web content in the remote-report\niframe, an attacker could potentially exploit this to change the user's\nsharing preferences. (CVE-2016-2820)\n","modified":"2026-04-22T09:24:49.531583Z","published":"2016-04-27T12:24:50Z","related":["UBUNTU-CVE-2016-2804","UBUNTU-CVE-2016-2806","UBUNTU-CVE-2016-2807","UBUNTU-CVE-2016-2808","UBUNTU-CVE-2016-2811","UBUNTU-CVE-2016-2812","UBUNTU-CVE-2016-2814","UBUNTU-CVE-2016-2816","UBUNTU-CVE-2016-2817","UBUNTU-CVE-2016-2820"],"upstream":["CVE-2016-2804","CVE-2016-2806","CVE-2016-2807","CVE-2016-2808","CVE-2016-2811","CVE-2016-2812","CVE-2016-2814","CVE-2016-2816","CVE-2016-2817","CVE-2016-2820","UBUNTU-CVE-2016-2804","UBUNTU-CVE-2016-2806","UBUNTU-CVE-2016-2807","UBUNTU-CVE-2016-2808","UBUNTU-CVE-2016-2811","UBUNTU-CVE-2016-2812","UBUNTU-CVE-2016-2814","UBUNTU-CVE-2016-2816","UBUNTU-CVE-2016-2817","UBUNTU-CVE-2016-2820"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2936-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2804"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2806"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2807"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2808"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2811"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2812"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2814"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2816"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2817"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2820"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@46.0+build5-0ubuntu0.14.04.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"46.0+build5-0ubuntu0.14.04.2"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1","32.0+build1-0ubuntu0.14.04.1","32.0.3+build1-0ubuntu0.14.04.1","33.0+build2-0ubuntu0.14.04.1","34.0+build2-0ubuntu0.14.04.1","35.0+build3-0ubuntu0.14.04.2","35.0.1+build1-0ubuntu0.14.04.1","36.0+build2-0ubuntu0.14.04.4","36.0.1+build2-0ubuntu0.14.04.1","36.0.4+build1-0ubuntu0.14.04.1","37.0+build2-0ubuntu0.14.04.1","37.0.1+build1-0ubuntu0.14.04.1","37.0.2+build1-0ubuntu0.14.04.1","38.0+build3-0ubuntu0.14.04.1","39.0+build5-0ubuntu0.14.04.1","39.0.3+build2-0ubuntu0.14.04.1","40.0+build4-0ubuntu0.14.04.1","40.0+build4-0ubuntu0.14.04.4","40.0.3+build1-0ubuntu0.14.04.1","41.0+build3-0ubuntu0.14.04.1","41.0.1+build2-0ubuntu0.14.04.1","41.0.2+build2-0ubuntu0.14.04.1","42.0+build2-0ubuntu0.14.04.1","43.0+build1-0ubuntu0.14.04.1","43.0.4+build3-0ubuntu0.14.04.1","44.0+build3-0ubuntu0.14.04.1","44.0.1+build2-0ubuntu0.14.04.1","44.0.2+build1-0ubuntu0.14.04.1","45.0+build2-0ubuntu0.14.04.1","45.0.1+build1-0ubuntu0.14.04.2","45.0.2+build1-0ubuntu0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"firefox","binary_version":"46.0+build5-0ubuntu0.14.04.2"},{"binary_name":"firefox-globalmenu","binary_version":"46.0+build5-0ubuntu0.14.04.2"},{"binary_name":"firefox-mozsymbols","binary_version":"46.0+build5-0ubuntu0.14.04.2"},{"binary_name":"firefox-testsuite","binary_version":"46.0+build5-0ubuntu0.14.04.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2936-1.json","cves_map":{"cves":[{"id":"CVE-2016-2804","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2806","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2807","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2808","severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2811","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2812","severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2814","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2816","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2817","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2820","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}},{"package":{"name":"firefox","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/firefox@46.0+build5-0ubuntu0.16.04.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"46.0+build5-0ubuntu0.16.04.2"}]}],"versions":["41.0.2+build2-0ubuntu1","42.0+build2-0ubuntu1","44.0+build3-0ubuntu2","44.0.1+build1-0ubuntu1","44.0.2+build1-0ubuntu1","45.0+build2-0ubuntu1","45.0.1+build1-0ubuntu1","45.0.2+build1-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"firefox","binary_version":"46.0+build5-0ubuntu0.16.04.2"},{"binary_name":"firefox-globalmenu","binary_version":"46.0+build5-0ubuntu0.16.04.2"},{"binary_name":"firefox-mozsymbols","binary_version":"46.0+build5-0ubuntu0.16.04.2"},{"binary_name":"firefox-testsuite","binary_version":"46.0+build5-0ubuntu0.16.04.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2936-1.json","cves_map":{"cves":[{"id":"CVE-2016-2804","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2806","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2807","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2808","severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2811","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2812","severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2814","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2816","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2817","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2016-2820","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.5"}