CVE-2016-5254

CWE-416 — Use After Free8 documents8 sources

Severity

9.8CRITICAL

EPSS

1.5%

top 18.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Oracle Linux

Timeline

PublishedAug 5

Latest updateMay 13

Description

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDmozilla/firefox47.0.1+4

▶Debianfirefox-esr< 45.3.0esr-1+3

▶NVDoracle/linux5.0, 6, 7+2

🔴Vulnerability Details

GHSA

GHSA-rr56-xh92-q28g: Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48↗2022-05-13

▶

OSV

CVE-2016-5254: Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48↗2016-08-05

▶

CVEList

CVE-2016-5254: Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48↗2016-08-05

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2016-08-05

▶

Red Hat

Mozilla: Use-after-free when using alt key and toplevel menus (MFSA 2016-70)↗2016-08-02

▶

Debian

CVE-2016-5254: firefox - Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozil...↗2016

▶

💬Community

Bugzilla

CVE-2016-5254 Mozilla: Use-after-free when using alt key and toplevel menus (MFSA 2016-70)↗2016-08-01

▶