CVE-2016-9066Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources
Severity
7.5HIGHNVD
OSV9.8
EPSS
20.6%
top 4.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+3 more
Timeline
PublishedJun 11
Latest updateMay 14

Description

A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

debiandebian/firefox< firefox 50.0-1 (sid)
CVEListV5mozilla/firefoxunspecified50
NVDmozilla/firefox< 45.5.0+1
debiandebian/firefox-esr< firefox 50.0-1 (sid)
CVEListV5mozilla/firefox_esrunspecified45.5

Also affects: Debian Linux 8.0

🔴Vulnerability Details

4
GHSA
GHSA-m65c-6q88-9x7g: A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data2022-05-14
OSV
CVE-2016-9066: A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data2018-06-11
OSV
thunderbird vulnerabilities2016-12-01
OSV
firefox vulnerabilities2016-11-19

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2016-12-01
Ubuntu
Firefox vulnerabilities2016-11-19
Red Hat
Mozilla: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (MFSA 2016-89, MFSA 2016-90)2016-11-16
Debian
CVE-2016-9066: firefox - A buffer overflow resulting in a potentially exploitable crash due to memory all...2016

💬Community

1
Bugzilla
CVE-2016-9066 Mozilla: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (MFSA 2016-89, MFSA 2016-90)2016-11-15