CVE-2016-2808 Information

Description

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0 Firefox ESR 38.x before 38.8 and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow out-of-bounds HashMap write access and application crash) via a crafted web site.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://rhn.redhat.com/errata/RHSA-2016-0695.html http://www.debian.org/security/2016/dsa-3559 http://www.mozilla.org/security/announce/2016/mfsa2016-47.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1035692 http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://www.ubuntu.com/usn/USN-2936-3 https://bugzilla.mozilla.org/show_bug.cgi?id=1246061 https://security.gentoo.org/glsa/201701-15

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.5