Vulnerability CVE-2016-5280: Information

Description

Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-5280
Published: Sept. 23, 2016
Modified: Oct. 30, 2018
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus49.0.1-alt1127.0-alt1ALT-PU-2016-2049-1170127Fixed
firefoxp1049.0.1-alt1118.0.2-alt0.p10.1ALT-PU-2016-2049-1170127Fixed
firefoxp949.0.1-alt1105.0.1-alt0.c9.1ALT-PU-2016-2049-1170127Fixed
firefoxp849.0.1-alt0.M80P.168.0.1-alt0.M80P.1ALT-PU-2016-2053-1170146Fixed
firefoxc10f149.0.1-alt1112.0.2-alt0.p10.1ALT-PU-2016-2049-1170127Fixed
firefoxc9f249.0.1-alt1105.0.1-alt0.c9.1ALT-PU-2016-2049-1170127Fixed
firefoxc752.5.3-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2018-1225-1200642Fixed
firefoxp1149.0.1-alt1126.0.1-alt1ALT-PU-2016-2049-1170127Fixed
firefox-esrsisyphus52.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
firefox-esrp1052.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
firefox-esrp952.1.1-alt1102.11.0-alt0.c9.1ALT-PU-2017-1578-1182570Fixed
firefox-esrp852.3.0-alt0.M80P.168.4.1-alt0.M80P.1ALT-PU-2017-2230-1188380Fixed
firefox-esrc10f152.1.1-alt1115.9.1-alt0.c10.1ALT-PU-2017-1578-1182570Fixed
firefox-esrc9f252.1.1-alt1102.12.0-alt0.c9.1ALT-PU-2017-1578-1182570Fixed
firefox-esrp1152.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1289970
  • Issue Tracking
  • Third Party Advisory
  • VDB Entry
http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
  • Release Notes
  • Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
    93049
      DSA-3674
        GLSA-201701-15
          1036852
            RHSA-2016:1912
              https://www.mozilla.org/security/advisories/mfsa2016-88/
                https://www.mozilla.org/security/advisories/mfsa2016-86/

                    1. Configuration 1

                      cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*
                      cpe:2.3:a:mozilla:firefox_esr:45.0.1:*:*:*:*:*:*:*
                      cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*
                      cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*
                      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
                      End including
                      48.0.2
                      cpe:2.3:a:mozilla:firefox_esr:45.0:*:*:*:*:*:*:*
                      cpe:2.3:a:mozilla:firefox:45.0.2:*:*:*:*:*:*:*
                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                  Version: v24.5.3
                  Back to top