CVE-2016-2828
Summary
| CVE | CVE-2016-2828 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-06-13 10:59:00 UTC |
| Updated | 2018-10-30 16:27:00 UTC |
| Description | Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | 45.1.0 | All | All | All |
| Application | Mozilla | Firefox Esr | 45.1.1 | All | All | All |
| Application | Mozilla | Firefox Esr | 45.1.0 | All | All | All |
| Application | Mozilla | Firefox Esr | 45.1.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mozilla Firefox Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Debian -- Security Information -- DSA-3600-1 firefox-esr | DEBIAN | www.debian.org | |
| [security-announce] SUSE-SU-2016:1691-1: important: Security update for | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2016:1557-1: important: Security update | SUSE | lists.opensuse.org | |
| Oracle Linux Bulletin - April 2016 | CONFIRM | www.oracle.com | |
| USN-2993-1: Firefox vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| [security-announce] openSUSE-SU-2016:1552-1: important: Security update | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| Use-after-free when textures are used in WebGL operations after recycle pool destruction — Mozilla | CONFIRM | www.mozilla.org | Vendor Advisory |
| 1223810 – (CVE-2016-2828) Crash when zooming out on a three.js demo | CONFIRM | bugzilla.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 690285 Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla (8065d37b-8e7c-4707-a608-1b0a2b8509c3)