CVE-2016-2818
Summary
| CVE | CVE-2016-2818 |
|---|---|
| State | PUBLISHED |
| Assigner | mozilla |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-06-13 10:59:01 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Risk And Classification
Primary CVSS: v3.0 8.8 HIGH from [email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types: CWE-119 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
CVSS v3.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Mozilla | Firefox | 45.1.0 | All | All | All |
| Application | Mozilla | Firefox | 45.1.1 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | sp1 | All | All |
| Application | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | All | All | All |
| Application | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | sp1 | All | All |
| Application | Novell | Suse Package Hub For Suse Linux Enterprise | 12 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) — Mozilla | af854a3a-2127-422b-91ae-364da2661108 | www.mozilla.org | Vendor Advisory |
| 1261230 – be sure to clear stashed views when reconstructing/destroying a subdocument frame | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Debian -- Security Information -- DSA-3600-1 firefox-esr | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| USN-3023-1: Thunderbird vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| 1256968 – hunspell: heap-buffer-overflow write in [@u16_u8] | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| USN-2993-1: Firefox vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| 1265577 – don't rely on the views we stash when we destroy a subdocument frame to stick around | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1261752 – hold strong pointers to view managers and widgets and/or check for destruction in various places | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1267130 – nsStandardURL::SetHost called net_ToLowerCase with a bogus pointer, #5 | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Debian -- Security Information -- DSA-3647-1 icedove | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| 1256739 – hunspell: stack-buffer-overflow write in [@SfxEntry::checkword] | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1264575 – Assertion failure: [barrier verifier] Unmarked edge: object slot, at js/src/gc/Verifier.cpp:301 | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| [security-announce] openSUSE-SU-2016:1767-1: important: Security update | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| 1273701 – pixman image ref-counting races with cairo solid colors | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Oracle Linux Bulletin - July 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| [security-announce] SUSE-SU-2016:1691-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:1778-1: important: Security update | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| 1234147 – crash in js::jit::JitcodeGlobalTable::allocateTower & js::GetOwnPropertyDescriptor | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1273202 – HTMLInputElement may dispatch events inside its destructor | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1269729 – Assertion failure: aIndex < mLength, at dist/include/mozilla/Vector.h:439 with OOM | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| [security-announce] openSUSE-SU-2016:1769-1: important: Security update | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:1557-1: important: Security update | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| 1263384 – VP8 encoder: Heap block overrun (writing) from copy_and_extend_plane -> memset | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Oracle Linux Bulletin - April 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| Mozilla Firefox Multiple Security Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| 1256493 – hunspell: heap-buffer-overflow write in [@u16_u8] | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| [security-announce] openSUSE-SU-2016:1552-1: important: Security update | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 690285 Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla (8065d37b-8e7c-4707-a608-1b0a2b8509c3)