CVE-2016-2828

CVSS v3.0 8.8 (High)

CVSS v2.0 6.8 (Medium)

EPSS 3.37 % (92^th)

Affected Products 6

Advisories 8

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-06-13 10:59:10
(8 years ago)
Updated Date: 2018-10-30 16:27:35
(5 years ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Opensuse

Configuration #1

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 15.10	cpe:2.3:o:canonical:ubuntu_linux:15.10
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts

Configuration #2

		CPE23	From	Up To
	Opensuse Leap 42.1	cpe:2.3:o:opensuse:leap:42.1
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1
	Opensuse 13.2	cpe:2.3:o:opensuse:opensuse:13.2

Configuration #3

		CPE23	From	Up To
	Mozilla Firefox 46.0.1 and prior versions	cpe:2.3:a:mozilla:firefox		<= 46.0.1

Configuration #4

		CPE23	From	Up To
	Mozilla Firefox Esr 45.1.0	cpe:2.3:a:mozilla:firefox_esr:45.1.0
	Mozilla Firefox Esr 45.1.1	cpe:2.3:a:mozilla:firefox_esr:45.1.1

Configuration #5

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0