[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-1935Date: (C)2016-02-09   (M)2024-03-27


Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.8CVSS Score : 9.3
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1034825
BID-81952
DSA-3457
DSA-3491
GLSA-201605-06
RHSA-2016:0071
RHSA-2016:0258
SUSE-SU-2016:0338
USN-2880-1
USN-2880-2
USN-2904-1
http://www.mozilla.org/security/announce/2016/mfsa2016-03.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1220450
openSUSE-SU-2016:0306
openSUSE-SU-2016:0309
openSUSE-SU-2016:0310
openSUSE-SU-2016:0488
openSUSE-SU-2016:0492

CPE    10
cpe:/o:opensuse:opensuse:13.1
cpe:/a:mozilla:firefox_esr:38.0
cpe:/o:oracle:linux:6.0
cpe:/o:oracle:linux:7.0
...
CWE    1
CWE-119
OVAL    26
oval:org.secpod.oval:def:703011
oval:org.secpod.oval:def:2102799
oval:org.secpod.oval:def:203821
oval:org.secpod.oval:def:89045264
...

© SecPod Technologies