CVE-2016-5264
Published: 03 August 2016
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
Upstream |
Released
(48)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(48.0+build2-0ubuntu0.16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [48.0+build2-0ubuntu0.14.04.1])
|
|
thunderbird Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected)
|