CVE-2016-2828
Published: 8 June 2016
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
upstream |
Released
(47.0)
|
precise |
Released
(47.0+build3-0ubuntu0.12.04.1)
|
|
wily |
Released
(47.0+build3-0ubuntu0.15.10.1)
|
|
xenial |
Released
(47.0+build3-0ubuntu0.16.04.1)
|
|
trusty |
Released
(47.0+build3-0ubuntu0.14.04.1)
|
|
thunderbird Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
precise |
Not vulnerable
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |