CVE-2016-2838
published 2016-08-05
CVE-2016-2838: Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote…
Priority P3 · 45 · high · 8.8 CVSS 3.0
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 4.51% (90.3th percentile)
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 48.0-1 (sid) | firefox 48.0-1 (sid) |
| debian | firefox-esr | < firefox 48.0-1 (sid) | firefox 48.0-1 (sid) |
| mozilla | firefox | <= 47.0.1 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 48.0+build2-0ubuntu0.14.04.1 | 48.0+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 48.0+build2-0ubuntu0.16.04.1 | 48.0+build2-0ubuntu0.16.04.1 |
CVSS provenance
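| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |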
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-08-05·CVSS 9.8
CVE-2016-0718 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Gustavo Grieco discovered an out-of-bounds read during XML parsing in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or obtain sensitive information.
(CVE-2016-0718)
Toni Huttunen discovered that once a favicon is requested from a site,
the remote server can keep the network connection open even after the page
is closed. A remote attacker could potentially exploit this to track
users, resulting in information disclosure. (CVE-2016-2830)
Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
Carsten Boo
Red Hat
Mozilla: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64)
vendor_redhat·2016-08-02·CVSS 8.8
CVE-2016-2838 [HIGH] Mozilla: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64)
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-2838: firefox - Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mo...
vendor_debian·2016·CVSS 8.8
CVE-2016-2838 [HIGH] CVE-2016-2838: firefox - Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mo...
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
Scope: local
sid: resolved (fixed in 48.0-1)
GHSA
GHSA-q8h4-5cvc-cmwh: Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48
ghsa_unreviewed·2022-05-17
CVE-2016-2838 [HIGH] CWE-119 GHSA-q8h4-5cvc-cmwh: Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
OSV
CVE-2016-2838: Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48
osv·2016-08-05·CVSS 8.8
CVE-2016-2838 [HIGH] CVE-2016-2838: Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
OSV
firefox vulnerabilities
osv·2016-08-05·CVSS 9.8
CVE-2016-0718 [CRITICAL] firefox vulnerabilities
Gustavo Grieco discovered an out-of-bounds read during XML parsing in
some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or obtain sensitive information.
(CVE-2016-0718)
Toni Huttunen discovered that once a favicon is requested from a site,
the remote server can keep the network connection open even after the page
is closed. A remote attacker could potentially exploit this to track
users, resulting in information disclosure. (CVE-2016-2830)
Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil
Ringnalda discovered multiple memory safety issues in
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
http://rhn.redhat.com/errata/RHSA-2016-1551.html
http://www.debian.org/security/2016/dsa-3640
http://www.mozilla.org/security/announce/2016/mfsa2016-64.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/92261
http://www.securitytracker.com/id/1036508
http://www.ubuntu.com/usn/USN-3044-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1279814
https://security.gentoo.org/glsa/201701-15
Published: 2016-08-05