Bug 1301826 (CVE-2016-1947)

Summary: CVE-2016-1947 Mozilla: Application Reputation service disabled in Firefox 43 (MFSA 2016-11)
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-27 04:51:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1300522    

Description Huzaifa S. Sidhpurwala 2016-01-26 04:25:36 UTC 
Mozilla developer François Marier reported that the Firefox was unable to reach the Application Reputation service due to a bug introduced in Firefox 43, disabling the ability to warn against potentially malicious downloads. Other parts of the Safe Browsing feature, for example the warnings about phishing and malicious sites, continued to function.

This issue was caused by a flaw introduced in Firefox 43. Earlier versions were not affected by this issue.


External Reference:

https://www.mozilla.org/security/announce/2016/mfsa2016-11.html


Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges François Marier as the original reporter.

Statement:

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.