CVE-2016-1935 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 35.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Opensuse Leap +2 more

Timeline

PublishedJan 31

Latest updateMay 13

Description

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶Ubuntumozilla/firefox< 44.0+build3-0ubuntu0.14.04.1

▶NVDmozilla/firefox43.0.4+6

▶Ubuntumozilla/thunderbird< 1:38.6.0+build1-0ubuntu0.14.04.1

▶NVDoracle/linux5.0, 6, 7+2

▶NVDopensuse/leap42.1

🔴Vulnerability Details

GHSA

GHSA-hxwg-8hr4-ch36: Buffer overflow in the BufferSubData function in Mozilla Firefox before 44↗2022-05-13

▶

CVEList

CVE-2016-1935: Buffer overflow in the BufferSubData function in Mozilla Firefox before 44↗2016-01-31

▶

OSV

CVE-2016-1935: Buffer overflow in the BufferSubData function in Mozilla Firefox before 44↗2016-01-26

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2016-03-08

▶

Ubuntu

Firefox vulnerabilities↗2016-01-27

▶

Red Hat

Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03)↗2016-01-26

▶

💬Community

Bugzilla

CVE-2016-1935 Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03)↗2016-01-26

▶