PT-2016-2524 · Mozilla+5 · Firefox Esr+6

Samuel Groß

Publicado

2016-08-03

Atualizado

2024-12-12

CVE-2016-5261

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 48.0 Mozilla Firefox ESR versions prior to 45.4

Description The issue is caused by an integer overflow in the WebSocketChannel class within the WebSockets subsystem. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption, via crafted packets that trigger incorrect buffer-resize operations during buffering.

Recommendations For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 45.4, update to version 45.4 or later to resolve the issue.

Correção

RCE

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2016-1836

ALT-PU-2017-1578

BDU:2016-01915

CESA-2016_1912

CVE-2016-5261

DLA-636-1

DSA-3674-1

MGASA-2016-0329

OPENSUSE-SU-2016_1964-1

OPENSUSE-SU-2016_2026-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

RHSA-2016:1912

RHSA-2016_1912

SUSE-SU-2016:2431-1

SUSE-SU-2016:2434-1

SUSE-SU-2016:2513-1

USN-3044-1

Produtos afetados

Alt Linux

Centos

Firefox

Firefox Esr

Red Hat

Suse

Ubuntu

PT-2016-2524 · Mozilla+5 · Firefox Esr+6

CVE-2016-5261

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2116