CVE-2016-5255

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Resource Management Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5268

Published on 05/08/16 - Updated on 16/08/17

Description

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

Category: Resource Management Error

CWE-416 (Use After Free)
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Security Notices

US National Vulnerability DatabaseCVE-2016-5255
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-259
Arch Linux ASA-201608-2
Mozilla MFSA2016-71
Ubuntu USN-3044-1

Exploits

SecurityFocusBID-92260

Relative technologies

VendorProduct
mozillafirefox

Share this vulnerability with:

Twitter Facebook LinkedIn Mail