CVE-2016-5258: Use After Free in Mozilla Firefox

CWE-416: Use After Free | 8 documents | 8 sources
Severity: 8.8 HIGH (NVD)
EPSS: 1.1% (top 21.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 5
Latest update: May 13

Description

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: mozilla/firefox 47.0.1 (+4)
NVD: oracle/linux 5.0, 6, 7 (+2)

🔴 Vulnerability Details (3)
GHSA (2022-05-13)
GHSA-5v6h-wvqr-3crq: Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48
CVEList (2016-08-05)
CVE-2016-5258: Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48
OSV (2016-08-05)
CVE-2016-5258: Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48

📋 Vendor Advisories (3)
Ubuntu (2016-08-05)
Firefox vulnerabilities
Red Hat (2016-08-02)
Mozilla: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72)
Debian (2016)
CVE-2016-5258: firefox - Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox befo...

💬 Community (1)
Bugzilla (2016-08-01)
CVE-2016-5258 Mozilla: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72)