Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.
References
Configurations
History
21 Nov 2024, 02:53
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2016-1912.html - | |
References | () http://www.debian.org/security/2016/dsa-3674 - | |
References | () http://www.mozilla.org/security/announce/2016/mfsa2016-75.html - Vendor Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html - | |
References | () http://www.securityfocus.com/bid/92260 - | |
References | () http://www.securitytracker.com/id/1036508 - | |
References | () http://www.ubuntu.com/usn/USN-3044-1 - | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1287266 - Issue Tracking, Permissions Required | |
References | () https://security.gentoo.org/glsa/201701-15 - | |
References | () https://www.mozilla.org/security/advisories/mfsa2016-86/ - |
Information
Published : 2016-08-05 01:59
Updated : 2024-11-21 02:53
NVD link : CVE-2016-5261
Mitre link : CVE-2016-5261
CVE.ORG link : CVE-2016-5261
JSON object : View
Products Affected
mozilla
- firefox
CWE
CWE-190
Integer Overflow or Wraparound