Medium severity4.7NVD Advisory· Published Jan 31, 2016· Updated Jun 17, 2026
CVE-2016-1947
CVE-2016-1947
Description
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15cpe:2.3:a:mozilla:firefox:43.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mozilla:firefox:43.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:43.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:43.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:43.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:43.0.4:*:*:*:*:*:*:*
- (no CPE)range: ~43.x
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.htmlnvdThird Party Advisory
- www.mozilla.org/security/announce/2016/mfsa2016-11.htmlnvdVendor Advisory
- www.securityfocus.com/bid/81949nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2880-1nvdThird Party Advisory
- www.ubuntu.com/usn/USN-2880-2nvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- security.gentoo.org/glsa/201605-06nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034825nvd
News mentions
0No linked articles in our index yet.