CVE-2016-5273Improper Access Control in Firefox

CWE-284Improper Access Control8 documents7 sources
Severity
8.8HIGHNVD
OSV6.5
EPSS
0.7%
top 28.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxDebian Firefox-esr
Timeline
PublishedSep 22
Latest updateMay 17

Description

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

Ubuntumozilla/firefox< 49.0+build4-0ubuntu0.14.04.1+1
NVDmozilla/firefox48.0.2
debiandebian/firefox< firefox 49.0-1 (sid)
debiandebian/firefox-esr< firefox 49.0-1 (sid)

🔴Vulnerability Details

3
GHSA
GHSA-42rg-mhq2-97gq: The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 492022-05-17
OSV
CVE-2016-5273: The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 492016-09-22
OSV
firefox vulnerabilities2016-09-22

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2016-09-22
Red Hat
Mozilla: crash in mozilla::a11y::HyperTextAccessible::GetChildOffset (MFSA 2016-85)2016-09-20
Debian
CVE-2016-5273: firefox - The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibi...2016

💬Community

1
Bugzilla
CVE-2016-5273 Mozilla: crash in mozilla::a11y::HyperTextAccessible::GetChildOffset (MFSA 2016-85)2016-09-20