CVE-2016-2818
Summary
| CVE | CVE-2016-2818 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-06-13 10:59:00 UTC |
| Updated | 2023-09-12 14:55:00 UTC |
| Description | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | 45.1.0 | All | All | All |
| Application | Mozilla | Firefox Esr | 45.1.1 | All | All | All |
| Application | Mozilla | Firefox Esr | 45.1.0 | All | All | All |
| Application | Mozilla | Firefox Esr | 45.1.1 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | sp1 | All | All |
| Application | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | All | All | All |
| Application | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | sp1 | All | All |
| Application | Novell | Suse Package Hub For Suse Linux Enterprise | 12 | All | All | All |
| Application | Novell | Suse Package Hub For Suse Linux Enterprise | 12 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Ibm Z Systems Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Little Endian Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mozilla Firefox Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| 1261230 – be sure to clear stashed views when reconstructing/destroying a subdocument frame | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Debian -- Security Information -- DSA-3600-1 firefox-esr | DEBIAN | www.debian.org | Third Party Advisory |
| [security-announce] SUSE-SU-2016:1691-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| 1265577 – don't rely on the views we stash when we destroy a subdocument frame to stick around | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| USN-3023-1: Thunderbird vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| Oracle Linux Bulletin - July 2016 | CONFIRM | www.oracle.com | |
| 1256493 – hunspell: heap-buffer-overflow write in [@u16_u8] | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1264575 – Assertion failure: [barrier verifier] Unmarked edge: object slot, at js/src/gc/Verifier.cpp:301 | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Debian -- Security Information -- DSA-3647-1 icedove | DEBIAN | www.debian.org | |
| 1256739 – hunspell: stack-buffer-overflow write in [@SfxEntry::checkword] | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1234147 – crash in js::jit::JitcodeGlobalTable::allocateTower & js::GetOwnPropertyDescriptor | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| [security-announce] openSUSE-SU-2016:1557-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| Oracle Linux Bulletin - April 2016 | CONFIRM | www.oracle.com | |
| 1273701 – pixman image ref-counting races with cairo solid colors | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1256968 – hunspell: heap-buffer-overflow write in [@u16_u8] | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| USN-2993-1: Firefox vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| 1261752 – hold strong pointers to view managers and widgets and/or check for destruction in various places | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:1769-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:1552-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| [security-announce] openSUSE-SU-2016:1778-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| 1263384 – VP8 encoder: Heap block overrun (writing) from copy_and_extend_plane -> memset | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| 1269729 – Assertion failure: aIndex < mLength, at dist/include/mozilla/Vector.h:439 with OOM | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| 1273202 – HTMLInputElement may dispatch events inside its destructor | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) — Mozilla | CONFIRM | www.mozilla.org | Vendor Advisory |
| [security-announce] openSUSE-SU-2016:1767-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| 1267130 – nsStandardURL::SetHost called net_ToLowerCase with a bogus pointer, #5 | CONFIRM | bugzilla.mozilla.org | Issue Tracking, Permissions Required |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 690285 Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla (8065d37b-8e7c-4707-a608-1b0a2b8509c3)