Critical severity10.0NVD Advisory· Published Jan 31, 2016· Updated May 6, 2026

CVE-2016-1931

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=43.0.4
OpenSUSE/Leap
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2016/mfsa2016-01.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.htmlnvd
www.securityfocus.com/bid/81953nvd
www.securitytracker.com/id/1034825nvd
www.ubuntu.com/usn/USN-2880-1nvd
www.ubuntu.com/usn/USN-2880-2nvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
bugzilla.mozilla.org/show_bug.cginvd
security.gentoo.org/glsa/201605-06nvd

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000