CVE-2016-2837: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

Severity
6.3 MEDIUM (NVD)
EPSS
0.4%
top 39.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 5
Latest update: May 13

Description

Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (2 packages)

NVD: mozilla/firefox 47.0.1 +4
NVD: oracle/linux 5.0, 6, 7 +2

🔴 Vulnerability Details (3)

GHSA
GHSA-94c3-g97c-h69h: Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48 (2022-05-13)
OSV
CVE-2016-2837: Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48 (2016-08-05)
CVEList
CVE-2016-2837: Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48 (2016-08-05)

📋 Vendor Advisories (3)

Ubuntu
Firefox vulnerabilities (2016-08-05)
Red Hat
Mozilla: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77) (2016-08-02)
Debian
CVE-2016-2837: firefox - Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in th... (2016)

💬 Community (1)

Bugzilla
CVE-2016-2837 Mozilla: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77) (2016-08-01)
CVE-2016-2837 — Mozilla Firefox vulnerability | cvebase