PT-2016-1820 · Mozilla+3 · Firefox+3

Looben Yang · Published 2016-04-26 · Updated 2024-12-12 · CVE-2016-2811

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 46.0

Description

The issue is related to a use-after-free vulnerability in the ServiceWorkerInfo class of the Service Worker subsystem. This vulnerability can be exploited by a remote attacker to execute arbitrary code via vectors related to the BeginReading method. The vulnerability is associated with the use of memory after it has been freed.

Recommendations

For versions prior to 46.0, update to version 46.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Service Worker subsystem until a patch is available. Avoid using the BeginReading method in affected versions until the issue is resolved.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1433
ALT-PU-2016-1454
BDU:2016-01153
CVE-2016-2811
OPENSUSE-SU-2016_1211-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
USN-2936-1
USN-2936-3

Affected Products

Alt Linux
Firefox
Suse
Ubuntu