Vulnerability Change Records for CVE-2016-1964

Change History

Modified Analysis 7/19/2016 1:7:45 PM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:thunderbird:38.6.0:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
Configuration 1
     OR
          *cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:leap:42.1:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.2:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:thunderbird:38.6.0:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:* (and previous)

Initial CVE Analysis 3/17/2016 12:27:36 PM

Action Type Old Value New Value

CVE Modified by Mozilla Corporation 11/30/2016 10:7:52 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201605-06 [No Types Assigned]

CVE Modified by Source 10/11/2016 10:2:24 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Modified Analysis 5/18/2016 6:32:22 PM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:thunderbird:38.6.0:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:* (and previous)
Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:thunderbird:38.6.0:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*

CPE Deprecation Remap 10/30/2018 12:27:35 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
OR
     *cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Modified Analysis 3/17/2016 2:56:01 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:thunderbird:38.6.0:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:* (and previous)
Added CVSS V2

								
							
							
						
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Added CWE

								
							
							
						
NVD-CWE-Other
Added Evaluator Description

								
							
							
						
<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
Changed Reference Type
http://www.mozilla.org/security/announce/2016/mfsa2016-27.html No Types Assigned
http://www.mozilla.org/security/announce/2016/mfsa2016-27.html Advisory

CVE Modified by Mozilla Corporation 12/02/2016 10:23:47 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html [No Types Assigned]
Added Reference

								
							
							
						
http://www.debian.org/security/2016/dsa-3510 [No Types Assigned]
Added Reference

								
							
							
						
http://www.debian.org/security/2016/dsa-3520 [No Types Assigned]
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1035215 [No Types Assigned]
Added Reference

								
							
							
						
http://www.ubuntu.com/usn/USN-2917-1 [No Types Assigned]
Added Reference

								
							
							
						
http://www.ubuntu.com/usn/USN-2917-2 [No Types Assigned]
Added Reference

								
							
							
						
http://www.ubuntu.com/usn/USN-2917-3 [No Types Assigned]
Added Reference

								
							
							
						
http://www.ubuntu.com/usn/USN-2934-1 [No Types Assigned]

CPE Deprecation Remap 12/27/2019 11:9:04 AM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
OR
     *cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

CPE Deprecation Remap 10/30/2018 12:27:32 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:novell:leap:42.1:*:*:*:*:*:*:*
OR
     *cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Initial CVE Analysis 10/13/2016 2:42:14 PM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:thunderbird:38.6.0:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:leap:42.1:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.2:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
Configuration 1
     OR
          *cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:leap:42.1:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.2:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
          *cpe:2.3:o:oracle:linux:6.0:*:*:*:*:*:*:*
          *cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:thunderbird:38.6.0:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:mozilla:firefox:44.0.2:*:*:*:*:*:*:* (and previous)
Changed Reference Type
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html No Types Assigned
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html Third Party Advisory
Changed Reference Type
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html No Types Assigned
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html Third Party Advisory
Changed Reference Type
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html No Types Assigned
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html Third Party Advisory
Changed Reference Type
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html No Types Assigned
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html Third Party Advisory
Changed Reference Type
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html No Types Assigned
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory

CPE Deprecation Remap 12/27/2019 11:8:55 AM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:oracle:linux:6.0:*:*:*:*:*:*:*
OR
     *cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

CVE Modified by Source 7/18/2016 9:59:31 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

CPE Deprecation Remap 10/30/2018 12:27:37 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:novell:opensuse:13.2:*:*:*:*:*:*:*
OR
     *cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

CVE Translated 3/15/2016 7:45:00 AM

Action Type Old Value New Value
Added Translation

								
							
							
						
Vulnerabilidad de uso después de liberación de memoria en la función AtomicBaseIncDec en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante el aprovechamiento del manejo incorrecto de transformaciones XML.
Removed Translation
Vulnerabilidad de uso después de liberación de memoria en la función AtomicBaseIncDec en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante el aprovechamiento del manejo incorrecto de transformaciones XML.

								
						

CVE Modified by Source 4/25/2016 9:59:41 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html