CVE-2016-2814
published 2016-04-30CVE-2016-2814: Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x…
PriorityP346high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
3.78%
88.6th percentile
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 46.0-1 (sid) | firefox 46.0-1 (sid) |
| debian | firefox-esr | < firefox 46.0-1 (sid) | firefox 46.0-1 (sid) |
| mozilla | firefox | <= 45.0.2 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 46.0+build5-0ubuntu0.14.04.2 | 46.0+build5-0ubuntu0.14.04.2 |
| mozilla | firefox | >= 0 < 46.0.1+build1-0ubuntu0.14.04.3 | 46.0.1+build1-0ubuntu0.14.04.3 |
| mozilla | firefox | >= 0 < 46.0+build5-0ubuntu0.16.04.2 | 46.0+build5-0ubuntu0.16.04.2 |
| mozilla | firefox | >= 0 < 46.0.1+build1-0ubuntu0.16.04.2 | 46.0.1+build1-0ubuntu0.16.04.2 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox regression
vendor_ubuntu·2016-05-19·CVSS 8.8
[HIGH] Firefox regression
Title: Firefox regression
Summary: USN-2936-1 introduced a regression in Firefox.
USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue
where a device update POST request was sent every time about:preferences#sync
was shown. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invok
Ubuntu
Oxygen-GTK3 update
vendor_ubuntu·2016-05-02·CVSS 8.8
[HIGH] Oxygen-GTK3 update
Title: Oxygen-GTK3 update
Summary: USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme
USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox to
crash on startup with the Oxygen GTK theme due to a pre-existing bug in
the Oxygen-GTK3 theme engine. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary co
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-04-27·CVSS 8.8
CVE-2016-2804 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,
CVE-2016-2807)
An invalid write was discovered when using the JavaScript .watch() method in
some circumstances. If a user were tricked in to opening a specially
Red Hat
Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)
vendor_redhat·2016-04-26·CVSS 8.8
CVE-2016-2814 [HIGH] Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)
Mozilla: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
Debian
CVE-2016-2814: firefox - Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo ...
vendor_debian·2016·CVSS 8.8
CVE-2016-2814 [HIGH] CVE-2016-2814: firefox - Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo ...
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
Scope: local
sid: resolved (fixed in 46.0-1)
GHSA
GHSA-5w2r-q893-4x6m: Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46
ghsa_unreviewed·2022-05-17
CVE-2016-2814 [HIGH] CWE-119 GHSA-5w2r-q893-4x6m: Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
OSV
firefox regression
osv·2016-05-19·CVSS 8.8
[HIGH] firefox regression
firefox regression
USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue
where a device update POST request was sent every time about:preferences#sync
was shown. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,
CVE-2016-2807)
An i
OSV
CVE-2016-2814: Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46
osv·2016-04-30·CVSS 8.8
CVE-2016-2814 [HIGH] CVE-2016-2814: Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
OSV
firefox vulnerabilities
osv·2016-04-27·CVSS 8.8
[HIGH] firefox vulnerabilities
firefox vulnerabilities
Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman,
Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup,
Andrew McCreight, and Steve Fink discovered multiple memory safety issues
in Firefox. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-2804, CVE-2016-2806,
CVE-2016-2807)
An invalid write was discovered when using the JavaScript .watch() method in
some circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash,
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.htmlhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00038.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0695.htmlhttp://www.debian.org/security/2016/dsa-3559http://www.mozilla.org/security/announce/2016/mfsa2016-44.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securitytracker.com/id/1035692http://www.ubuntu.com/usn/USN-2936-1http://www.ubuntu.com/usn/USN-2936-2http://www.ubuntu.com/usn/USN-2936-3https://bugzilla.mozilla.org/show_bug.cgi?id=1254721https://security.gentoo.org/glsa/201701-15http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.htmlhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00038.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0695.htmlhttp://www.debian.org/security/2016/dsa-3559http://www.mozilla.org/security/announce/2016/mfsa2016-44.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securitytracker.com/id/1035692http://www.ubuntu.com/usn/USN-2936-1http://www.ubuntu.com/usn/USN-2936-2http://www.ubuntu.com/usn/USN-2936-3https://bugzilla.mozilla.org/show_bug.cgi?id=1254721https://security.gentoo.org/glsa/201701-15
2016-04-30
Published