NVD Vulnerability Detail

CVE-2016-1947

Summary	Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
Publication Date	Feb. 1, 2016, 3:59 a.m.
Registration Date	Jan. 26, 2021, 2:08 p.m.
Last Update	Nov. 21, 2024, 11:47 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html	Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html	Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html	Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html	Third Party Advisory
5	http://www.mozilla.org/security/announce/2016/mfsa2016-11.html	Vendor Advisory
6	http://www.mozilla.org/security/announce/2016/mfsa2016-11.html	Vendor Advisory
7	http://www.securityfocus.com/bid/81949	Third Party Advisory VDB Entry
8	http://www.securityfocus.com/bid/81949	Third Party Advisory VDB Entry
9	http://www.securitytracker.com/id/1034825
10	http://www.securitytracker.com/id/1034825
11	http://www.ubuntu.com/usn/USN-2880-1	Third Party Advisory
12	http://www.ubuntu.com/usn/USN-2880-1	Third Party Advisory
13	http://www.ubuntu.com/usn/USN-2880-2	Third Party Advisory
14	http://www.ubuntu.com/usn/USN-2880-2	Third Party Advisory
15	https://bugzilla.mozilla.org/show_bug.cgi?id=1237103	Issue Tracking Vendor Advisory
16	https://bugzilla.mozilla.org/show_bug.cgi?id=1237103	Issue Tracking Vendor Advisory
17	https://security.gentoo.org/glsa/201605-06	Third Party Advisory VDB Entry
18	https://security.gentoo.org/glsa/201605-06	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-19	データ処理	https://cwe.mitre.org/data/definitions/19.html

JVN Vulnerability Information

Mozilla Firefox における意図しないダウンロードを誘発される脆弱性

Title	Mozilla Firefox における意図しないダウンロードを誘発される脆弱性
Summary	Mozilla Firefox は、Application Reputation サービスへの接続試行を誤って処理するため、意図しないダウンロードを誘発される脆弱性が存在します。補足情報 : CWE による脆弱性タイプは、CWE-19: Data Handling (データ処理) と識別されています。 http://cwe.mitre.org/data/definitions/19.html
Possible impacts	第三者により、レピュテーションデータの欠如を利用されることで、意図しないダウンロードを誘発される不特定の影響を受ける可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 26, 2016, midnight
Registration Date	Feb. 12, 2016, 12:40 p.m.
Last Update	Feb. 12, 2016, 12:40 p.m.

Affected System

Mozilla Foundation

Mozilla Firefox 43.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-1947	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
2	CVE-2016-1947	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
National Vulnerability Database (NVD)
3	CVE-2016-1947	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1947
4	CVE-2016-1947	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1947

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther
2	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Mozilla Foundation Security Advisory
1	MFSA2016-11	http://www.mozilla.org/security/announce/2016/mfsa2016-11.html
2	MFSA2016-11	http://www.mozilla.org/security/announce/2016/mfsa2016-11.html
Mozilla Foundation セキュリティアドバイザリ
3	MFSA2016-11	http://www.mozilla-japan.org/security/announce/2016/mfsa2016-11.html
4	MFSA2016-11	http://www.mozilla-japan.org/security/announce/2016/mfsa2016-11.html

Change Log

No	Changed Details	Date of change
0	[2016年02月12日] 掲載	Feb. 17, 2018, 10:37 a.m.