PT-2016-1820 · Mozilla+3 · Firefox+3

Looben Yang · Published 2016-04-26 · Updated 2024-12-12 · CVE-2016-2811

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 46.0

Description

A use-after-free vulnerability (use of memory after it has been freed) exists in the ServiceWorkerInfo class of the Service Worker subsystem. A remote attacker can exploit it to execute arbitrary code via vectors related to the BeginReading method.

Recommendations

For versions prior to 46.0, update to version 46.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Service Worker subsystem until a patch is available. Avoid using the BeginReading method in affected versions until the issue is resolved.

Fix

Use After Free


Weakness Enumeration

Related Identifiers

ALT-PU-2016-1433
ALT-PU-2016-1454
BDU:2016-01153
CVE-2016-2811
OPENSUSE-SU-2016_1211-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
USN-2936-1
USN-2936-3

Affected Products

Alt Linux
Firefox
Suse
Ubuntu