Vulnerability Details : CVE-2016-2824
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
Vulnerability category: Denial of service
Products affected by CVE-2016-2824
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2824
1.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2824
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-2824
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2824
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1248580
Bugzilla.mozilla.org is offline
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
[security-announce] openSUSE-SU-2016:1552-1: important: Security update
-
http://www.mozilla.org/security/announce/2016/mfsa2016-53.html
Out-of-bounds write with WebGL shader — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
[security-announce] openSUSE-SU-2016:1557-1: important: Security update
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
[security-announce] SUSE-SU-2016:1691-1: important: Security update for
-
http://www.securityfocus.com/bid/91075
Mozilla Firefox Multiple Security Vulnerabilities
-
http://www.securitytracker.com/id/1036057
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - Securi
Jump to