CVE-2016-5261Integer Overflow or Wraparound in Firefox

CWE-190Integer Overflow or Wraparound10 documents7 sources
Severity
8.8HIGHNVD
OSV9.8
EPSS
0.9%
top 24.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxDebian Firefox-esr
Timeline
PublishedAug 5
Latest updateMay 14

Description

Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

Ubuntumozilla/firefox< 48.0+build2-0ubuntu0.14.04.1+1
NVDmozilla/firefox47.0.1
debiandebian/firefox< firefox 48.0-1 (sid)
debiandebian/firefox-esr< firefox 48.0-1 (sid)

🔴Vulnerability Details

3
GHSA
GHSA-jrqh-qj76-c265: Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 482022-05-14
OSV
CVE-2016-5261: Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 482016-08-05
OSV
firefox vulnerabilities2016-08-05

📋Vendor Advisories

4
Red Hat
Mozilla: Integer overflow and memory corruption in WebSocketChannel (MFSA 2016-75, MFSA 2016-86)2016-09-20
Ubuntu
Firefox vulnerabilities2016-08-05
Red Hat
spice: Host memory access from guest with invalid primary surface parameters2016-06-06
Debian
CVE-2016-5261: firefox - Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mo...2016

💬Community

2
Bugzilla
CVE-2016-5261 Mozilla: Integer overflow and memory corruption in WebSocketChannel (MFSA 2016-75, MFSA 2016-86)2016-08-01
Bugzilla
CVE-2016-2150 spice: Host memory access from guest with invalid primary surface parameters2016-03-01