CVE-2016-2821
published 2016-06-13CVE-2016-2821: Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is…
PriorityP335high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EPSS
2.78%
84.6th percentile
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < firefox 47.0-1 (sid) | firefox 47.0-1 (sid) |
| debian | firefox-esr | < firefox 47.0-1 (sid) | firefox 47.0-1 (sid) |
| mozilla | firefox | <= 46.0.1 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 47.0+build3-0ubuntu0.14.04.1 | 47.0+build3-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 47.0+build3-0ubuntu0.16.04.1 | 47.0+build3-0ubuntu0.16.04.1 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_ubuntu8.8HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6f24-v3m3-vf5g: Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47
ghsa_unreviewed·2022-05-14
CVE-2016-2821 [HIGH] GHSA-6f24-v3m3-vf5g: Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
OSV
CVE-2016-2821: Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47
osv·2016-06-13·CVSS 7.5
CVE-2016-2821 [HIGH] CVE-2016-2821: Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
OSV
firefox vulnerabilities
osv·2016-06-09·CVSS 8.8
CVE-2016-2815 [HIGH] firefox vulnerabilities
firefox vulnerabilities
Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph
Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)
A buffer overflow was discovered when parsing HTML5 fragments in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-28
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-06-09·CVSS 8.8
CVE-2016-2815 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel,
Sylvestre Ledru, Julian Seward, Olli Pettay, Karl Tomlinson, Christoph
Diehl, Julian Hector, Jan de Mooij, Mats Palmgren, and Tooru Fujisawa
discovered multiple memory safety issues in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)
A buffer overflow was discovered when parsing HTML5 fragments in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could pote
Red Hat
Mozilla: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)
vendor_redhat·2016-06-08·CVSS 7.5
CVE-2016-2821 [HIGH] Mozilla: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)
Mozilla: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-2821: firefox - Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firef...
vendor_debian·2016·CVSS 7.5
CVE-2016-2821 [HIGH] CVE-2016-2821: firefox - Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firef...
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
Scope: local
sid: resolved (fixed in 47.0-1)
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.htmlhttp://www.debian.org/security/2016/dsa-3600http://www.mozilla.org/security/announce/2016/mfsa2016-51.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/91075http://www.securitytracker.com/id/1036057http://www.ubuntu.com/usn/USN-2993-1https://access.redhat.com/errata/RHSA-2016:1217https://bugzilla.mozilla.org/show_bug.cgi?id=1271460http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.htmlhttp://www.debian.org/security/2016/dsa-3600http://www.mozilla.org/security/announce/2016/mfsa2016-51.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/91075http://www.securitytracker.com/id/1036057http://www.ubuntu.com/usn/USN-2993-1https://access.redhat.com/errata/RHSA-2016:1217https://bugzilla.mozilla.org/show_bug.cgi?id=1271460
2016-06-13
Published