High severity8.8NVD Advisory· Published Mar 13, 2016· Updated May 6, 2026

CVE-2016-1960

Description

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.

Affected products

Mozilla Corporation/Firefox14 versions
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=44.0.2
- cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <=38.6.0
OpenSUSE/Leap
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Oracle Corporation/Linux3 versions
cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.htmlnvdThird Party Advisory
www.mozilla.org/security/announce/2016/mfsa2016-23.htmlnvdVendor Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlnvdThird Party Advisory
zerodayinitiative.com/advisories/ZDI-16-198/nvdThird Party Advisory
bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.htmlnvd
www.debian.org/security/2016/dsa-3510nvd
www.debian.org/security/2016/dsa-3520nvd
www.securitytracker.com/id/1035215nvd
www.ubuntu.com/usn/USN-2917-1nvd
www.ubuntu.com/usn/USN-2917-2nvd
www.ubuntu.com/usn/USN-2917-3nvd
www.ubuntu.com/usn/USN-2934-1nvd
security.gentoo.org/glsa/201605-06nvd
www.exploit-db.com/exploits/42484/nvd
www.exploit-db.com/exploits/44294/nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.069
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000