PT-2016-1819 · Mozilla+3 · Firefox+3
Loobenyang
·
Publicado
2016-04-26
·
Atualizado
2024-06-15
·
CVE-2016-2812
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 46.0
Description
The issue is related to a race condition in the get implementation of the ServiceWorkerManager class in the Service Worker subsystem. This condition arises due to insufficient checking of the resource state when it can be shared. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service, such as a buffer overflow leading to an application crash, by using a specially crafted web site.
Recommendations
For versions prior to 46.0, update to version 46.0 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web sites to minimize the risk of exploitation.
Correção
RCE
DoS
Race Condition
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Firefox
Suse
Ubuntu