CVE-2016-2821

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:N/A

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2822, CVE-2016-2824, CVE-2016-2825, CVE-2016-2828, CVE-2016-2829, CVE-2016-2830, CVE-2016-2831, CVE-2016-2832, CVE-2016-2833, CVE-2016-2834, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-6354

Published on 13/06/16 - Updated on 30/10/18

Description

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2016-2821
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-193
Arch Linux ASA-201606-7
CentOS CESA-2016:1217
Debian DSA-3600-1
Debian LTSDLA-521-1
Mozilla MFSA2016-51
Redhat RHSA-2016:1217
SUSE SUSE-SU-2016:1691, SUSE-SU-2016:1799, SUSE-SU-2016:2061
Ubuntu USN-2993-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
debiandebian_linux
mozillafirefox
mozillafirefox_esr
opensuseleap
opensuseopensuse

Share this vulnerability with:

Twitter Facebook LinkedIn Mail