CVE-2016-5255Use After Free in Firefox

CWE-416Use After Free8 documents7 sources
Severity
8.8HIGHNVD
OSV9.8
EPSS
1.1%
top 21.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxDebian Firefox-esr
Timeline
PublishedAug 5
Latest updateMay 17

Description

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

Ubuntumozilla/firefox< 48.0+build2-0ubuntu0.14.04.1+1
NVDmozilla/firefox47.0.1
debiandebian/firefox< firefox 48.0-1 (sid)
debiandebian/firefox-esr< firefox 48.0-1 (sid)

🔴Vulnerability Details

3
GHSA
GHSA-3pm3-j3ch-958q: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 482022-05-17
OSV
firefox vulnerabilities2016-08-05
OSV
CVE-2016-5255: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 482016-08-03

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2016-08-05
Red Hat
Mozilla: Crash in incremental garbage collection in JavaScript (MFSA 2016-71)2016-08-02
Debian
CVE-2016-5255: firefox - Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function i...2016

💬Community

1
Bugzilla
CVE-2016-5255 Mozilla: Crash in incremental garbage collection in JavaScript (MFSA 2016-71)2016-08-01