CVE-2016-5254
General | |
|---|---|
| Score: | 7.5/10.0 |
| Severity: | High |
| Category: | Resource Management Error |
Impact Metrics | |
| Confidentiality: | Partial |
| Integrity: | Partial |
| Availability: | Partial |
Exploitability Metrics | |
| Access Vector: | Network |
| Access Complexity: | Low |
| Authentication: | None |
Relative vulnerabilities
CVE-2016-0718, CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2828, CVE-2016-2830, CVE-2016-2831, CVE-2016-2834, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5268, CVE-2016-6354
Published on 05/08/16 - Updated on 16/08/17
Description
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.
Category: Resource Management Error
CWE-416 (Use After Free)
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Security Notices
 | CVE-2016-5254 |
 | CERTFR-2016-AVI-259 |
 | ASA-201608-2 |
 | CESA-2016:1551 |
 | DSA-3640-1 |
| LTS | DLA-585-1 |
 | MFSA2016-70 |
 | RHSA-2016:1551 |
 | SUSE-SU-2016:2061, SUSE-SU-2016:2131, SUSE-SU-2016:2195 |
 | USN-3044-1 |
Exploits
No exploits available for this CVE in our database.