PT-2016-5230 · Mozilla+5 · Firefox+6

Publicado

2016-08-02

·

Atualizado

2024-12-12

·

CVE-2016-2837

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 48.0 Mozilla Firefox ESR 45.x versions prior to 45.3
Description The issue is related to a heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) within the Encrypted Media Extensions (EME) API. This could potentially allow remote attackers to execute arbitrary code by providing a malformed video, leveraging a Gecko Media Plugin (GMP) sandbox bypass.
Recommendations For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later. For Mozilla Firefox ESR 45.x versions prior to 45.3, update to version 45.3 or later.

Correção

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2016-1836
ALT-PU-2017-1578
CESA-2016_1551
CVE-2016-2837
DLA-585-1
DSA-3640-1
MGASA-2016-0278
OPENSUSE-SU-2016:2253-1
OPENSUSE-SU-2016:2254-1
OPENSUSE-SU-2016_1964-1
OPENSUSE-SU-2016_2026-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2016:1551
RHSA-2016_1551
SUSE-SU-2016:2061-1
SUSE-SU-2016:2131-1
SUSE-SU-2016:2195-1
USN-3044-1
ZDI-16-673

Produtos afetados

Alt Linux
Centos
Gecko Media Plugin
Firefox
Red Hat
Suse
Ubuntu