PT-2016-2528 · Mozilla+3 · Firefox+3

Jujjyl

Published

2016-08-02

Updated

2024-12-12

CVE-2016-5255

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 48.0

Description The issue is related to a use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function. This vulnerability can be exploited by remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.

Recommendations For versions prior to 48.0, update to version 48.0 or later to resolve the issue.

Fix

RCE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2016-1836

ALT-PU-2017-1578

BDU:2016-01919

CVE-2016-5255

OPENSUSE-SU-2016_1964-1

OPENSUSE-SU-2016_2026-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

USN-3044-1

Affected Products

Alt Linux

Firefox

Suse

Ubuntu

PT-2016-2528 · Mozilla+3 · Firefox+3

CVE-2016-5255

Weakness Enumeration

Related Identifiers

Affected Products

References · 2095