CVE-2016-9072 - OpenCVE

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Mozilla	Firefox

Configuration 1 [-]

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:x64:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94337
http://www.securitytracker.com/id/1037298
https://bugzilla.mozilla.org/show_bug.cgi?id=1300083
https://www.mozilla.org/security/advisories/mfsa2016-89/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2018-06-11T21:00:00

Updated: 2024-08-06T02:42:10.276Z

Reserved: 2016-10-27T00:00:00

Link: CVE-2016-9072

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-06-11T21:29:01.407

Modified: 2018-08-01T14:20:15.927

Link: CVE-2016-9072

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "50", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2016-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50."}], "problemTypes": [{"descriptions": [{"description": "64-bit NPAPI sandbox isn't enabled on fresh profile", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-12T09:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "94337", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94337"}, {"name": "1037298", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037298"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2016-9072", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "50"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "64-bit NPAPI sandbox isn't enabled on fresh profile"}]}]}, "references": {"reference_data": [{"name": "94337", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94337"}, {"name": "1037298", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037298"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:10.276Z"}, "title": "CVE Program Container", "references": [{"name": "94337", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94337"}, {"name": "1037298", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037298"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2016-9072", "datePublished": "2018-06-11T21:00:00", "dateReserved": "2016-10-27T00:00:00", "dateUpdated": "2024-08-06T02:42:10.276Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "88065D51-EEA3-4850-9977-CCD9DAA1505A", "versionEndExcluding": "50.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:x64:*", "matchCriteriaId": "48B89AD5-458F-4870-8F88-36C836D3C027", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50."}, {"lang": "es", "value": "Cuando se crea un nuevo perfil de Firefox en instalaciones de 64 bits de Windows, el sandbox para los plugins NPAPI de 64 bits no est\u00e1n habilitados por defecto. Nota: este problema solo afecta a la versi\u00f3n 64 bits de Windows. Windows de 32 bits y otros sistemas operativos no se han visto afectados. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50."}], "id": "CVE-2016-9072", "lastModified": "2018-08-01T14:20:15.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-11T21:29:01.407", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94337"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037298"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}