CVE-2016-5263
Low
CVSS Score
Vulnerability Description
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."
Known Affected Software
7 configuration(s) from 2 vendor(s)
- firefox, Version: 45.1.0, CPE: cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:esr:*:*:*
- firefox, Version: 45.3.0, CPE: cpe:2.3:a:mozilla:firefox:45.3.0:*:*:*:esr:*:*:*
- firefox, Version: 45.2.0, CPE: cpe:2.3:a:mozilla:firefox:45.2.0:*:*:*:esr:*:*:*
- firefox, Version: 45.1.1, CPE: cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:esr:*:*:*
- linux, Version: 5.0, CPE: cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
- linux, Version: 7, CPE: cpe:2.3:o:oracle:linux:7:8:*:*:*:*:*:*
- linux, Version: 6, CPE: cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*
This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html (security@mozilla.org)
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html (security@mozilla.org)
- http://rhn.redhat.com/errata/RHSA-2016-1551.html (security@mozilla.org)
- http://www.debian.org/security/2016/dsa-3640 (security@mozilla.org)
- http://www.mozilla.org/security/announce/2016/mfsa2016-78.html (security@mozilla.org) Vendor Advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html (security@mozilla.org) Third Party Advisory
- http://www.securityfocus.com/bid/92258 (security@mozilla.org)
- http://www.securitytracker.com/id/1036508 (security@mozilla.org)
- http://www.ubuntu.com/usn/USN-3044-1 (security@mozilla.org)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1276897 (security@mozilla.org) Issue Tracking, Permissions Required
- https://security.gentoo.org/glsa/201701-15 (security@mozilla.org)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-704
Incorrect Type Conversion or Cast
- Description: The product does not correctly convert an object, resource, or structure from one type to a different type.
- Typical Severity: Medium
- Abstraction Level: Class
Key Information
- Published Date: August 05, 2016
