CVE-2016-2824Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 28.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxOpensuse LeapOpensuse+2 more
Timeline
PublishedJun 13
Latest updateMay 14

Description

The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

NVDmozilla/firefox46.0.1+2
NVDopensuse/leap42.1
NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

1
GHSA
GHSA-29xj-m56g-2pfp: The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 472022-05-14

📋Vendor Advisories

1
Debian
CVE-2016-2824: firefox - The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and...2016
CVE-2016-2824 — Mozilla Firefox vulnerability | cvebase