PT-2016-2524 · Mozilla+5 · Firefox Esr+6

Samuel Groß

Published

2016-08-03

Updated

2024-12-12

CVE-2016-5261

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 48.0 Mozilla Firefox ESR versions prior to 45.4

Description The issue is caused by an integer overflow in the WebSocketChannel class within the WebSockets subsystem. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption, via crafted packets that trigger incorrect buffer-resize operations during buffering.

Recommendations For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 45.4, update to version 45.4 or later to resolve the issue.

Fix

RCE

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2016-1836

ALT-PU-2017-1578

BDU:2016-01915

CESA-2016_1912

CVE-2016-5261

DLA-636-1

DSA-3674-1

MGASA-2016-0329

OPENSUSE-SU-2016_1964-1

OPENSUSE-SU-2016_2026-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

RHSA-2016:1912

RHSA-2016_1912

SUSE-SU-2016:2431-1

SUSE-SU-2016:2434-1

SUSE-SU-2016:2513-1

USN-3044-1

Affected Products

Alt Linux

Centos

Firefox

Firefox Esr

Red Hat

Suse

Ubuntu

PT-2016-2524 · Mozilla+5 · Firefox Esr+6

CVE-2016-5261

Weakness Enumeration

Related Identifiers

Affected Products

References · 2116