CVE-2016-2811
published 2016-04-30CVE-2016-2811: Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute…
PriorityP346high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
2.94%
85.4th percentile
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 46.0-1 (sid) | firefox 46.0-1 (sid) |
| debian | firefox-esr | < firefox 46.0-1 (sid) | firefox 46.0-1 (sid) |
| mozilla | firefox | <= 45.0.2 | — |
| mozilla | firefox | >= 0 < 46.0+build5-0ubuntu0.14.04.2 | 46.0+build5-0ubuntu0.14.04.2 |
| mozilla | firefox | >= 0 < 46.0.1+build1-0ubuntu0.14.04.3 | 46.0.1+build1-0ubuntu0.14.04.3 |
| mozilla | firefox | >= 0 < 46.0+build5-0ubuntu0.16.04.2 | 46.0+build5-0ubuntu0.16.04.2 |
| mozilla | firefox | >= 0 < 46.0.1+build1-0ubuntu0.16.04.2 | 46.0.1+build1-0ubuntu0.16.04.2 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox regression
vendor_ubuntu·2016-05-19·CVSS 8.8
[HIGH] Firefox regression
Title: Firefox regression
Summary: USN-2936-1 introduced a regression in Firefox.
USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue
where a device update POST request was sent every time about:preferences#sync
was shown. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invok
Ubuntu
Oxygen-GTK3 update
vendor_ubuntu·2016-05-02·CVSS 8.8
[HIGH] Oxygen-GTK3 update
Title: Oxygen-GTK3 update
Summary: USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme
USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox to
crash on startup with the Oxygen GTK theme due to a pre-existing bug in
the Oxygen-GTK3 theme engine. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary co
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-04-27·CVSS 8.8
CVE-2016-2804 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,
CVE-2016-2807)
An invalid write was discovered when using the JavaScript .watch() method in
some circumstances. If a user were tricked in to opening a specially
Red Hat
Mozilla: Use-after-free and buffer overflow in Service Workers (MFSA 2016-42)
vendor_redhat·2016-04-26·CVSS 8.8
CVE-2016-2811 [HIGH] Mozilla: Use-after-free and buffer overflow in Service Workers (MFSA 2016-42)
Mozilla: Use-after-free and buffer overflow in Service Workers (MFSA 2016-42)
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-2811: firefox - Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worke...
vendor_debian·2016·CVSS 8.8
CVE-2016-2811 [HIGH] CVE-2016-2811: firefox - Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worke...
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
Scope: local
sid: resolved (fixed in 46.0-1)
GHSA
GHSA-w92w-fc6m-j79x: Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46
ghsa_unreviewed·2022-05-17
CVE-2016-2811 [HIGH] GHSA-w92w-fc6m-j79x: Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
OSV
firefox regression
osv·2016-05-19·CVSS 8.8
[HIGH] firefox regression
firefox regression
USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue
where a device update POST request was sent every time about:preferences#sync
was shown. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,
CVE-2016-2807)
An i
OSV
CVE-2016-2811: Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46
osv·2016-04-27·CVSS 8.8
CVE-2016-2811 [HIGH] CVE-2016-2811: Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
OSV
firefox vulnerabilities
osv·2016-04-27·CVSS 8.8
[HIGH] firefox vulnerabilities
firefox vulnerabilities
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,
CVE-2016-2807)
An invalid write was discovered when using the JavaScript .watch() method in
some circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash,
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00038.htmlhttp://www.mozilla.org/security/announce/2016/mfsa2016-42.htmlhttp://www.securitytracker.com/id/1035692http://www.ubuntu.com/usn/USN-2936-1http://www.ubuntu.com/usn/USN-2936-2http://www.ubuntu.com/usn/USN-2936-3https://bugzilla.mozilla.org/show_bug.cgi?id=1252330https://security.gentoo.org/glsa/201701-15http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00038.htmlhttp://www.mozilla.org/security/announce/2016/mfsa2016-42.htmlhttp://www.securitytracker.com/id/1035692http://www.ubuntu.com/usn/USN-2936-1http://www.ubuntu.com/usn/USN-2936-2http://www.ubuntu.com/usn/USN-2936-3https://bugzilla.mozilla.org/show_bug.cgi?id=1252330https://security.gentoo.org/glsa/201701-15
2016-04-30
Published