{"alias":[],"description":"Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.","epss":{"percentile":"0.82469","score":"0.017100"},"id":"CVE-2016-5256","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"LOW","access_vector":"NETWORK","authentication":"NONE","availability_impact":"PARTIAL","base_score":7.5,"base_severity":"HIGH","confidentiality_impact":"PARTIAL","exploitability_score":10.0,"impact_score":6.4,"integrity_impact":"PARTIAL","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":0,"vector_string":"AV:N\/AC:L\/Au:N\/C:P\/I:P\/A:P","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"NETWORK","availability_impact":"HIGH","base_score":9.8,"base_severity":"CRITICAL","confidentiality_impact":"HIGH","exploitability_score":3.9,"impact_score":5.9,"integrity_impact":"HIGH","privileges_required":"NONE","scope":"UNCHANGED","user_interaction":"NONE","vector_string":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","version":"3.0"}},"modified":"2026-05-06T22:30:45","nvd_status":"Modified","published":"2016-09-22T22:59:01","score":9.8,"severity":"CRITICAL","source":"security@mozilla.org","status":"PUBLISHED","weaknesses":[{"id":"CWE-119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","type":"weakness"}]}