CVE-2016-5259
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
Known Affected Software
7 configuration(s) from 2 vendor(s)
firefox
Version:
45.1.0
CPE:
cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:esr:*:*:*
firefox
Version:
45.3.0
CPE:
cpe:2.3:a:mozilla:firefox:45.3.0:*:*:*:esr:*:*:*
firefox
Version:
45.2.0
CPE:
cpe:2.3:a:mozilla:firefox:45.2.0:*:*:*:esr:*:*:*
firefox
Version:
45.1.1
CPE:
cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:esr:*:*:*
linux
Version:
5.0
CPE:
cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
linux
Version:
7
CPE:
cpe:2.3:o:oracle:linux:7:8:*:*:*:*:*:*
linux
Version:
6
CPE:
cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*
This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.htmlsecurity@mozilla.org
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.htmlsecurity@mozilla.org
-
http://rhn.redhat.com/errata/RHSA-2016-1551.htmlsecurity@mozilla.org
-
http://www.debian.org/security/2016/dsa-3640security@mozilla.org
-
http://www.mozilla.org/security/announce/2016/mfsa2016-73.htmlsecurity@mozilla.org Vendor Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlsecurity@mozilla.org Third Party Advisory
-
http://www.securityfocus.com/bid/92258security@mozilla.org
-
http://www.securitytracker.com/id/1036508security@mozilla.org
-
http://www.ubuntu.com/usn/USN-3044-1security@mozilla.org
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1282992security@mozilla.org Exploit Issue Tracking
-
https://security.gentoo.org/glsa/201701-15security@mozilla.org
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://rhn.redhat.com/errata/RHSA-2016-1551.htmlaf854a3a-2127-422b-91ae-364da2661108
-
http://www.debian.org/security/2016/dsa-3640af854a3a-2127-422b-91ae-364da2661108
-
http://www.mozilla.org/security/announce/2016/mfsa2016-73.htmlaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://www.securityfocus.com/bid/92258af854a3a-2127-422b-91ae-364da2661108
-
http://www.securitytracker.com/id/1036508af854a3a-2127-422b-91ae-364da2661108
-
http://www.ubuntu.com/usn/USN-3044-1af854a3a-2127-422b-91ae-364da2661108
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1282992af854a3a-2127-422b-91ae-364da2661108 Exploit Issue Tracking
-
https://security.gentoo.org/glsa/201701-15af854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-416
Top 25 #12
Use After Free
- Description
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Variant
Key Information
- Published Date
- August 05, 2016
