CVE-2016-1931

10.0 CRITICAL

Published: January 31, 2016 Modified: May 06, 2026

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2016/mfsa2016-01.html

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/81953

Source: security@mozilla.org

http://www.securitytracker.com/id/1034825

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2880-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2880-2

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1180064

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1186973

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1206675

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1207298

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1209358

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1209365

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1209366

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1209368

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1209546

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1222015

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1229825

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1231121

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1234576

Source: security@mozilla.org

https://security.gentoo.org/glsa/201605-06

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2016/mfsa2016-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/81953

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034825

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2880-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2880-2

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1180064

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1186973

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1206675

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1207298

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1209358

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1209365

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1209366

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1209368

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1209546

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1222015

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1229825

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1231121

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1234576

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201605-06

Source: af854a3a-2127-422b-91ae-364da2661108

42 reference(s) from NVD

Quick Stats

CVSS v3 Score

10.0 / 10.0

EPSS (Exploit Probability)

2.5%

86th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

opensuse mozilla

Related CVEs

CVE-2026-6222 5.3

CVE-2026-40003 5.1

CVE-2026-44597 3.7

CVE-2026-6278 N/A

CVE-2026-41484 5.3