CVE-2016-5272 : The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird

The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.

Published 2016-09-22 22:59:06

Updated 2018-06-12 01:29:01

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Input validationExecute code

Exploit prediction scoring system (EPSS) score for CVE-2016-5272

Probability of exploitation activity in the next 30 days: 1.57%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-5272

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-5272

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-5272

https://www.mozilla.org/security/advisories/mfsa2016-88/

Security vulnerabilities fixed in Thunderbird 45.4 — Mozilla

CVEs referencing this url
https://security.gentoo.org/glsa/201701-15

Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1297934

1297934 - (CVE-2016-5272) Bad cast in nsImageGeometryMixin
Issue Tracking
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Oracle Linux Bulletin - October 2016

CVEs referencing this url
http://www.debian.org/security/2016/dsa-3674

Debian -- Security Information -- DSA-3674-1 firefox-esr

CVEs referencing this url
http://www.mozilla.org/security/announce/2016/mfsa2016-85.html

Security vulnerabilities fixed in Firefox 49 — Mozilla
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-1912.html

RHSA-2016:1912 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.securityfocus.com/bid/93049

Mozilla Firefox Multiple Security Vulnerabilities

CVEs referencing this url
https://www.mozilla.org/security/advisories/mfsa2016-86/

Security vulnerabilities fixed in Firefox ESR 45.4 — Mozilla

CVEs referencing this url
http://www.securitytracker.com/id/1036852

Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Determine File Paths, and Obtain Potentially Sensitive Information - SecurityTracker

CVEs referencing this url

Products affected by CVE-2016-5272

Mozilla » Firefox
Versions up to, including, (<=) 48.0.2
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr » Version: 45.1.0
cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr » Version: 45.1.1
cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr » Version: 45.2.0
cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr » Version: 45.3.0
cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-5272

Exploit prediction scoring system (EPSS) score for CVE-2016-5272

CVSS scores for CVE-2016-5272

CWE ids for CVE-2016-5272

References for CVE-2016-5272

Products affected by CVE-2016-5272