| Name | CVE-2016-1947 |
| Description | Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iceweasel | source | squeeze | (not affected) | |||
| iceweasel | source | wheezy | (not affected) | |||
| iceweasel | source | jessie | (not affected) | |||
| iceweasel | source | (unstable) | 44.0-1 |
[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/