{"api_version":"1","generated_at":"2026-04-23T12:32:48+00:00","cve":"CVE-2016-5258","urls":{"html":"https://cve.report/CVE-2016-5258","api":"https://cve.report/api/cve/CVE-2016-5258.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-5258","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-5258"},"summary":{"title":"CVE-2016-5258","description":"Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2016-08-05 01:59:00","updated_at":"2019-12-27 16:08:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/92258","name":"92258","refsource":"BID","tags":[],"title":"Mozilla Firefox Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html","name":"openSUSE-SU-2016:1964","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2016:1964-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html","name":"openSUSE-SU-2016:2026","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2016:2026-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201701-15","name":"GLSA-201701-15","refsource":"GENTOO","tags":[],"title":"Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Oracle Linux Bulletin - July 2016","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3044-1","name":"USN-3044-1","refsource":"UBUNTU","tags":[],"title":"USN-3044-1: Firefox vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1279146","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1279146","refsource":"CONFIRM","tags":["Exploit","Issue Tracking"],"title":"1279146 - (CVE-2016-5258) WebRTC - Use After Free in socket thread","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mozilla.org/security/announce/2016/mfsa2016-72.html","name":"http://www.mozilla.org/security/announce/2016/mfsa2016-72.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Use-after-free in DTLS during WebRTC session shutdown — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2016/dsa-3640","name":"DSA-3640","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3640-1 firefox-esr","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1036508","name":"1036508","refsource":"SECTRACK","tags":[],"title":"Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Spoof Content, Modify Files, and Obtain Potentially Sensitive Information - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1551.html","name":"RHSA-2016:1551","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-5258","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5258","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"47.0.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"45.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"45.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"45.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"45.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"45.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"45.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"45.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"45.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5258","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2016-5258","qid":"710500","title":"Gentoo Linux Mozilla Firefox, Thunderbird Multiple Vulnerabilities (GLSA 201701-15)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@mozilla.org","ID":"CVE-2016-5258","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"DSA-3640","refsource":"DEBIAN","url":"http://www.debian.org/security/2016/dsa-3640"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1279146","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1279146"},{"name":"1036508","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1036508"},{"name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"name":"http://www.mozilla.org/security/announce/2016/mfsa2016-72.html","refsource":"CONFIRM","url":"http://www.mozilla.org/security/announce/2016/mfsa2016-72.html"},{"name":"USN-3044-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3044-1"},{"name":"92258","refsource":"BID","url":"http://www.securityfocus.com/bid/92258"},{"name":"RHSA-2016:1551","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2016-1551.html"},{"name":"GLSA-201701-15","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201701-15"},{"name":"openSUSE-SU-2016:1964","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"},{"name":"openSUSE-SU-2016:2026","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"}]}},"nvd":{"publishedDate":"2016-08-05 01:59:00","lastModifiedDate":"2019-12-27 16:08:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndIncluding":"47.0.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"5258","Ordinal":"91308","Title":"CVE-2016-5258","CVE":"CVE-2016-5258","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"5258","Ordinal":"1","NoteData":"Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"5258","Ordinal":"2","NoteData":"2016-08-04","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"5258","Ordinal":"3","NoteData":"2017-08-15","Type":"Other","Title":"Modified"}]}}}