CVE-2016-5275Improper Restriction of Operations within the Bounds of a Memory Buffer in Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
8.8HIGHNVD
OSV6.5
EPSS
1.7%
top 17.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxDebian Firefox-esr
Timeline
PublishedSep 22
Latest updateMay 17

Description

Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

Ubuntumozilla/firefox< 49.0+build4-0ubuntu0.14.04.1+1
NVDmozilla/firefox48.0.2
debiandebian/firefox< firefox 49.0-1 (sid)
debiandebian/firefox-esr< firefox 49.0-1 (sid)

🔴Vulnerability Details

3
GHSA
GHSA-jx5p-r5h3-74m9: Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 492022-05-17
OSV
CVE-2016-5275: Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 492016-09-22
OSV
firefox vulnerabilities2016-09-22

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2016-09-22
Red Hat
Mozilla: global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions (MFSA 2016-85)2016-09-20
Debian
CVE-2016-5275: firefox - Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions f...2016

💬Community

1
Bugzilla
CVE-2016-5275 Mozilla: global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions (MFSA 2016-85)2016-09-20