CVE-2016-2807 Information
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 Firefox ESR 38.x before 38.8 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://rhn.redhat.com/errata/RHSA-2016-0695.html http://rhn.redhat.com/errata/RHSA-2016-1041.html http://www.debian.org/security/2016/dsa-3559 http://www.debian.org/security/2016/dsa-3576 http://www.mozilla.org/security/announce/2016/mfsa2016-39.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1035692 http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://www.ubuntu.com/usn/USN-2936-3 http://www.ubuntu.com/usn/USN-2973-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1187420 https://bugzilla.mozilla.org/show_bug.cgi?id=1252707 https://bugzilla.mozilla.org/show_bug.cgi?id=1254164 https://bugzilla.mozilla.org/show_bug.cgi?id=1254622 https://bugzilla.mozilla.org/show_bug.cgi?id=1254876 https://security.gentoo.org/glsa/201701-15
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: