CVE-2016-5255
published 2016-08-05CVE-2016-5255: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code…
PriorityP343high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
2.40%
82.0th percentile
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 48.0-1 (sid) | firefox 48.0-1 (sid) |
| debian | firefox-esr | < firefox 48.0-1 (sid) | firefox 48.0-1 (sid) |
| mozilla | firefox | <= 47.0.1 | — |
| mozilla | firefox | >= 0 < 48.0+build2-0ubuntu0.14.04.1 | 48.0+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 48.0+build2-0ubuntu0.16.04.1 | 48.0+build2-0ubuntu0.16.04.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2016-08-05·CVSS 9.8
CVE-2016-0718 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Gustavo Grieco discovered an out-of-bounds read during XML parsing in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or obtain sensitive information.
(CVE-2016-0718)
Toni Huttunen discovered that once a favicon is requested from a site,
the remote server can keep the network connection open even after the page
is closed. A remote attacked could potentially exploit this to track
users, resulting in information disclosure. (CVE-2016-2830)
Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
Carsten Boo
Red Hat
Mozilla: Crash in incremental garbage collection in JavaScript (MFSA 2016-71)
vendor_redhat·2016-08-02·CVSS 8.8
CVE-2016-5255 [HIGH] Mozilla: Crash in incremental garbage collection in JavaScript (MFSA 2016-71)
Mozilla: Crash in incremental garbage collection in JavaScript (MFSA 2016-71)
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Package: thunderbird (Red Hat
Debian
CVE-2016-5255: firefox - Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function i...
vendor_debian·2016·CVSS 8.8
CVE-2016-5255 [HIGH] CVE-2016-5255: firefox - Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function i...
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
Scope: local
sid: resolved (fixed in 48.0-1)
GHSA
GHSA-3pm3-j3ch-958q: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48
ghsa_unreviewed·2022-05-17
CVE-2016-5255 [HIGH] CWE-416 GHSA-3pm3-j3ch-958q: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
OSV
firefox vulnerabilities
osv·2016-08-05·CVSS 9.8
CVE-2016-0718 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Gustavo Grieco discovered an out-of-bounds read during XML parsing in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or obtain sensitive information.
(CVE-2016-0718)
Toni Huttunen discovered that once a favicon is requested from a site,
the remote server can keep the network connection open even after the page
is closed. A remote attacked could potentially exploit this to track
users, resulting in information disclosure. (CVE-2016-2830)
Christian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,
Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil
Ringnalda discovered multiple memory safety issues in
OSV
CVE-2016-5255: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48
osv·2016-08-03·CVSS 8.8
CVE-2016-5255 [HIGH] CVE-2016-5255: Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.htmlhttp://www.mozilla.org/security/announce/2016/mfsa2016-71.htmlhttp://www.securityfocus.com/bid/92260http://www.securitytracker.com/id/1036508http://www.ubuntu.com/usn/USN-3044-1https://bugzilla.mozilla.org/show_bug.cgi?id=1212356https://security.gentoo.org/glsa/201701-15http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.htmlhttp://www.mozilla.org/security/announce/2016/mfsa2016-71.htmlhttp://www.securityfocus.com/bid/92260http://www.securitytracker.com/id/1036508http://www.ubuntu.com/usn/USN-3044-1https://bugzilla.mozilla.org/show_bug.cgi?id=1212356https://security.gentoo.org/glsa/201701-15
2016-08-05
Published