Vulnerability Details : CVE-2016-5280
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2016-5280
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:45.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:45.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5280
5.72%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5280
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-5280
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5280
-
https://www.mozilla.org/security/advisories/mfsa2016-88/
Security vulnerabilities fixed in Thunderbird 45.4 — Mozilla
-
https://security.gentoo.org/glsa/201701-15
Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Oracle Linux Bulletin - October 2016
-
http://www.debian.org/security/2016/dsa-3674
Debian -- Security Information -- DSA-3674-1 firefox-esr
-
http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
Security vulnerabilities fixed in Firefox 49 — MozillaRelease Notes;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-1912.html
RHSA-2016:1912 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/93049
Mozilla Firefox Multiple Security Vulnerabilities
-
https://www.mozilla.org/security/advisories/mfsa2016-86/
Security vulnerabilities fixed in Firefox ESR 45.4 — Mozilla
-
http://www.securitytracker.com/id/1036852
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Determine File Paths, and Obtain Potentially Sensitive Information - SecurityTracker
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1289970
1289970 - (CVE-2016-5280) UAF in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMapIssue Tracking;Third Party Advisory;VDB Entry
Jump to