Vulnerability Details : CVE-2016-2818
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2016-2818
- cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:*:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2818
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2818
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-2818
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2818
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1269729
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1256739
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1256968
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
http://www.debian.org/security/2016/dsa-3647
Debian -- Security Information -- DSA-3647-1 icedove
-
http://www.mozilla.org/security/announce/2016/mfsa2016-49.html
Miscellaneous memory safety hazards (rv:47.0 / rv:45.2) — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
[security-announce] openSUSE-SU-2016:1552-1: important: Security updateThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1265577
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
[security-announce] openSUSE-SU-2016:1769-1: important: Security updateThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
[security-announce] openSUSE-SU-2016:1778-1: important: Security updateThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2016:1392
RHSA-2016:1392 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1261752
TreeStatusIssue Tracking;Permissions Required
-
http://www.ubuntu.com/usn/USN-3023-1
USN-3023-1: Thunderbird vulnerabilities | Ubuntu security notices
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1273701
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1264575
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
http://www.debian.org/security/2016/dsa-3600
Debian -- Security Information -- DSA-3600-1 firefox-esrThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
[security-announce] openSUSE-SU-2016:1557-1: important: Security updateThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
[security-announce] SUSE-SU-2016:1691-1: important: Security update forThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Oracle Linux Bulletin - April 2016
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1267130
TreeStatusIssue Tracking;Permissions Required
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1256493
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
http://www.ubuntu.com/usn/USN-2993-1
USN-2993-1: Firefox vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2016:1217
RHSA-2016:1217 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1273202
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1261230
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
[security-announce] openSUSE-SU-2016:1767-1: important: Security updateThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1263384
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1234147
Bugzilla.mozilla.org is offlineIssue Tracking;Permissions Required
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Oracle Linux Bulletin - July 2016
-
http://www.securityfocus.com/bid/91075
Mozilla Firefox Multiple Security Vulnerabilities
-
http://www.securitytracker.com/id/1036057
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - SecuriThird Party Advisory;VDB Entry
Jump to