PT-2016-3237 · Mozilla+5 · Firefox Esr+6

Aki Helin

Published

2016-01-26

Updated

2024-12-12

CVE-2016-1935

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 44.0 Firefox ESR versions prior to 38.6

Description The issue arises from a buffer overflow in the BufferSubData function due to incorrect handling of WebGL content. This can allow remote attackers to execute arbitrary code or cause a denial of service via specially crafted WebGL content.

Recommendations For Mozilla Firefox versions prior to 44.0, update to version 44.0 or later. For Firefox ESR versions prior to 38.6, update to version 38.6 or later.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2016-1057

ALT-PU-2016-1454

BDU:2018-00029

CESA-2016_0071

CESA-2016_0258

CVE-2016-1935

DSA-3457-1

DSA-3491-1

MGASA-2016-0041

MGASA-2016-0078

OPENSUSE-SU-2016_0309-1

OPENSUSE-SU-2016_0310-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

RHSA-2016:0071

RHSA-2016:0258

RHSA-2016_0071

RHSA-2016_0258

SUSE-SU-2016:0334-1

SUSE-SU-2016:0338-1

SUSE-SU-2016:0584-1

USN-2880-1

USN-2880-2

USN-2904-1

Affected Products

Alt Linux

Centos

Firefox Esr

Firefox

Red Hat

Suse

Ubuntu

PT-2016-3237 · Mozilla+5 · Firefox Esr+6

CVE-2016-1935

Weakness Enumeration

Related Identifiers

Affected Products

References · 2164