CVE-2016-2819

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Buffer Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-2815, CVE-2016-2818, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2825, CVE-2016-2828, CVE-2016-2829, CVE-2016-2830, CVE-2016-2831, CVE-2016-2832, CVE-2016-2833, CVE-2016-2834, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-6354

Published on 13/06/16 - Updated on 22/03/18

Description

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2016-2819
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-193
Arch Linux ASA-201606-7
CentOS CESA-2016:1217
Debian DSA-3600-1
Debian LTSDLA-521-1
Mozilla MFSA2016-50
Redhat RHSA-2016:1217
SUSE SUSE-SU-2016:1691, SUSE-SU-2016:1799, SUSE-SU-2016:2061
Ubuntu USN-2993-1

Exploits

Exploit-DBEDB-44293
SecurityFocusBID-91075

Relative technologies

VendorProduct
canonicalubuntu_linux
debiandebian_linux
mozillafirefox
mozillafirefox_esr
novellleap
novellopensuse

Share this vulnerability with:

Twitter Facebook LinkedIn Mail