CVE-2016-2836

Summary

CVE	CVE-2016-2836
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-08-05 01:59:00 UTC
Updated	2017-08-16 01:29:00 UTC
Description	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	45.1.0	All	All	All
Application	Mozilla	Firefox Esr	45.1.1	All	All	All
Application	Mozilla	Firefox Esr	45.2.0	All	All	All
Application	Mozilla	Firefox Esr	45.3.0	All	All	All
Application	Mozilla	Firefox Esr	45.1.0	All	All	All
Application	Mozilla	Firefox Esr	45.1.1	All	All	All
Application	Mozilla	Firefox Esr	45.2.0	All	All	All
Application	Mozilla	Firefox Esr	45.3.0	All	All	All

References

Reference	Source	Link	Tags
1268626 - Crash [@ ??] or Assertion failure: MIR instruction returned value with unexpected type, at js/src/jit/MacroAssembler.cpp:1454	CONFIRM	bugzilla.mozilla.org	Issue Tracking, Permissions Required
1282502 - Crash [@ js::frontend::BytecodeEmitter::emitUnaliasedVarOp] or Assertion failure: num <= (65535), at jsscript.h:451	CONFIRM	bugzilla.mozilla.org	Issue Tracking, Permissions Required
[security-announce] openSUSE-SU-2016:1964-1: important: Security update	SUSE	lists.opensuse.org
1249578 – Assertion failure: mTargetSize.height <= aOriginalSize.height (Created a downscaler, but height is larger), at Downscaler.cpp:71	CONFIRM	bugzilla.mozilla.org	Issue Tracking, Permissions Required
Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) — Mozilla	CONFIRM	www.mozilla.org	Vendor Advisory
[security-announce] openSUSE-SU-2016:2026-1: important: Security update	SUSE	lists.opensuse.org
Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security	GENTOO	security.gentoo.org
Oracle Linux Bulletin - July 2016	CONFIRM	www.oracle.com
1154923 - Compartment mismatch in js::ScriptSourceObject::initFromOptions	CONFIRM	bugzilla.mozilla.org	Issue Tracking, Permissions Required
822081 – "Assertion failure: !comp->rt->isHeapBusy()" with about:memory and verifyprebarriers	CONFIRM	bugzilla.mozilla.org	Issue Tracking, Permissions Required
Red Hat Customer Portal	REDHAT	rhn.redhat.com
USN-3044-1: Firefox vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
1258079 - Intermittent test_mediaDecoding.html \| application crashed [@ mozilla::OffTheBooksMutex::Lock]	CONFIRM	bugzilla.mozilla.org	Issue Tracking, Permissions Required
Debian -- Security Information -- DSA-3640-1 firefox-esr	DEBIAN	www.debian.org
Mozilla Firefox Multiple Security Vulnerabilities	BID	www.securityfocus.com
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Spoof Content, Modify Files, and Obtain Potentially Sensitive Information - SecurityTracker	SECTRACK	www.securitytracker.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
1283823 - Crash in mozilla::net::Http2Session::ReadSegmentsAgain	CONFIRM	bugzilla.mozilla.org	Issue Tracking
1257765 - [Mac] Obj-C exception: [NSInvalidArgumentException: *** -[_NSConcreteUserNotification setUserInfo:]. UserInfo too big. Encoded data greater than 16k....]	CONFIRM	bugzilla.mozilla.org	Issue Tracking, Permissions Required
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

710500 Gentoo Linux Mozilla Firefox, Thunderbird Multiple Vulnerabilities (GLSA 201701-15)