Stack-based Buffer Underflow in Mozilla Firefox and Firefox ESR
CVE-2016-5252

8.8 HIGH

Key Information:

Vendor: Oracle
Status: Vendor
CVE Published: 5 August 2016

Summary

A stack-based buffer underflow vulnerability exists in the mozilla::gfx::BasePoint4d function of Mozilla Firefox. The flaw affects Firefox versions prior to 48.0 and Firefox Extended Support Release (ESR) versions prior to 45.3. Attackers can exploit it with crafted two-dimensional graphics data that is mishandled during clipping-region calculations, potentially allowing arbitrary code execution on affected systems.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
