CVE-2016-2835

Published on: 08/04/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:16 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Firefox from Mozilla contain the following vulnerability:

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2016-2835 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.8 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
[security-announce] openSUSE-SU-2016:1964-1: important: Security update lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:1964
1251308 - JS::DescribeScriptedCaller return value is now a lie in some cases Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1251308
Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) — Mozilla Vendor Advisory
www.mozilla.org
text/html
URL Logo CONFIRM www.mozilla.org/security/announce/2016/mfsa2016-62.html
[security-announce] openSUSE-SU-2016:2026-1: important: Security update lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:2026
Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security security.gentoo.org
text/html
URL Logo GENTOO GLSA-201701-15
1222101 - TSan: data race ipc/glue/MessagePump.cpp:142 ScheduleWork (race on mThread) Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1222101
1254106 - Assertion failure: offset_ == offset (offset fits in 31 bits), at js/src/jit/Label.h:56 Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1254106
1280443 - Crash in nr_socket_sendto Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1280443
1264998 - Assertion failure: bailoutId < bailoutEntries_, at js/src/jit/IonCode.h:477 involving oomTest Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1264998
1275582 - TSan: data race security/nss/lib/freebl/sha_fast.c:176 SHA1_End Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1275582
1280215 - null pointer crashes in PeerConnectionMedia::EnsureIceGathering_s Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1280215
USN-3044-1: Firefox vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-3044-1
1282246 - SEGV on unknown address [@fill] in src/gfx/skia/skia/src/effects/gradients/SkLinearGradient.cpp Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1282246
Mozilla Firefox Multiple Security Vulnerabilities cve.report (archive)
text/html
URL Logo BID 92261
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Spoof Content, Modify Files, and Obtain Potentially Sensitive Information - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036508
1270537 - woff2: heap-buffer-overflow write in [@ReconstructGlyf] Issue Tracking
Permissions Required
bugzilla.mozilla.org
text/html
URL Logo CONFIRM bugzilla.mozilla.org/show_bug.cgi?id=1270537

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMozillaFirefoxAllAllAllAll
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*: