CVE-2016-1935

HIGH

Mozilla Firefox <44.0 - Firefox ESR <38.6 - RCE

Title source: llm

Description

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

References (19)

Core 19

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2016/dsa-3457

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2016/dsa-3491

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034825

Third Party Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-0071.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2880-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2880-2

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-0258.html

Issue Tracking x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=1220450

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2904-1

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201605-06

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2016/mfsa2016-03.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/81952

Scores

CVSS v3 8.8

EPSS 0.0046

EPSS Percentile 64.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (13)

mozilla/firefox 38.0

mozilla/firefox 38.1.0

mozilla/firefox 38.2.0

mozilla/firefox 38.3.0

mozilla/firefox 38.4.0

mozilla/firefox 38.5.0

mozilla/firefox < 43.0.4

opensuse/leap 42.1

opensuse/opensuse 13.1

opensuse/opensuse 13.2

... and 3 more

Published Jan 31, 2016

Tracked Since Feb 18, 2026