Details

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1952,
CVE-2016-1953)

Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked into opening a specially
crafted website with addon signing disabled and unpacked addons installed,
an attacker could potentially exploit this to gain additional privileges.
(CVE-2016-1954)

Muneaki Nishimura discovered that CSP violation reports contained full
paths for cross-origin iframe navigations. An attacker could potentially
exploit this to steal confidential data. (CVE-2016-1955)

Ucha Gobejishvili discovered that performing certain WebGL operations
resulted in memory resource exhaustion with some Intel GPUs, requiring
a reboot. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2016-1956)

Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some circumstances.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
memory exhaustion. (CVE-2016-1957)

Abdulrahman Alqabandi discovered that the address bar could be blank or
filled with page-defined content in some circumstances. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)

Looben Yang discovered an out-of-bounds read in Service Worker Manager. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1959)

A use-after-free was discovered in the HTML5 string parser. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1960)

A use-after-free was discovered in the SetBody function of HTMLDocument.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1961)

Dominique Hazaël-Massieux discovered a use-after-free when using multiple
WebRTC data channels. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2016-1962)

It was discovered that Firefox crashes when local files are modified
whilst being read by the FileReader API. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1963)

Nicolas Grégoire discovered a use-after-free during XML transformations.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1964)

Tsubasa Iinuma discovered a mechanism to cause the address bar to display
an incorrect URL, using history navigations and the Location protocol
property. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to conduct URL
spoofing attacks. (CVE-2016-1965)

A memory corruption issue was discovered in the NPAPI subsystem. If
a user were tricked into opening a specially crafted website with a
malicious plugin installed, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2016-1966)

Jordi Chancel discovered a same-origin-policy bypass when using
performance.getEntries and history navigation with session restore. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to steal confidential data. (CVE-2016-1967)

Luke Li discovered a buffer overflow during Brotli decompression in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1968)

Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1973)

Ronald Crane discovered an out-of-bounds read following a failed
allocation in the HTML parser in some circumstances. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1974)

Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple
memory safety issues in the Graphite 2 library. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,
CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)