CVE-2016-5263 — Incorrect Type Conversion or Cast in Mozilla Firefox

CWE-704 — Incorrect Type Conversion or Cast8 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 28.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Oracle Linux

Timeline

PublishedAug 5

Latest updateMay 13

Description

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmozilla/firefox47.0.1+4

▶NVDoracle/linux5.0, 6, 7+2

🔴Vulnerability Details

GHSA

GHSA-f56r-gj93-xc2f: The nsDisplayList::HitTest function in Mozilla Firefox before 48↗2022-05-13

▶

OSV

CVE-2016-5263: The nsDisplayList::HitTest function in Mozilla Firefox before 48↗2016-08-05

▶

CVEList

CVE-2016-5263: The nsDisplayList::HitTest function in Mozilla Firefox before 48↗2016-08-05

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2016-08-05

▶

Red Hat

Mozilla: Type confusion in display transformation (MFSA 2016-78)↗2016-08-02

▶

Debian

CVE-2016-5263: firefox - The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox E...↗2016

▶

💬Community

Bugzilla

CVE-2016-5263 Mozilla: Type confusion in display transformation (MFSA 2016-78)↗2016-08-01

▶