CVE-2016-9893Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents8 sources
Severity
9.8CRITICALNVD
EPSS
2.7%
top 14.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+7 more
Timeline
PublishedJun 11
Latest updateMay 14

Description

Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages10 packages

CVEListV5mozilla/firefoxunspecified50.1
NVDmozilla/firefox< 50.1+1
CVEListV5mozilla/firefox_esrunspecified45.6
CVEListV5mozilla/thunderbirdunspecified45.6
NVDmozilla/thunderbird< 45.6.0

Also affects: Debian Linux 9.0, Enterprise Linux 5.0, 6.0, 7.0, 7.3, 7.4, 7.5

🔴Vulnerability Details

5
GHSA
GHSA-c8hw-wjgm-chwm: Memory safety bugs were reported in Thunderbird 452022-05-14
CVEList
CVE-2016-9893: Memory safety bugs were reported in Thunderbird 452018-06-11
OSV
CVE-2016-9893: Memory safety bugs were reported in Thunderbird 452018-06-11
OSV
thunderbird vulnerabilities2017-01-28
OSV
firefox vulnerabilities2016-12-13

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2017-01-28
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 (MFSA 2016-95)2016-12-14
Ubuntu
Firefox vulnerabilities2016-12-13
Debian
CVE-2016-9893: firefox - Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed ...2016

💬Community

1
Bugzilla
CVE-2016-9893 Mozilla: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 (MFSA 2016-95)2016-12-13
CVE-2016-9893 — Mozilla Firefox vulnerability | cvebase