1. Home
  2. Vulnerabilities
  3. CVE-2016-5258

CVE-2016-5258

CVSS v3.0 8.8 (High)
88% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 2.55 % (90th)
2.55% Progress
Affected Products 3
Advisories 11
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2016-08-05 01:59:14
(8 years ago)
Updated Date
2019-12-27 16:08:55
(4 years ago)

Affected Products

Mozilla

Oracle

Configuration #1

    CPE23 From Up To
  Oracle Linux 5.0 cpe:2.3:o:oracle:linux:5.0
  Oracle Linux 6 cpe:2.3:o:oracle:linux:6
  Oracle Linux 7 cpe:2.3:o:oracle:linux:7

Configuration #2

    CPE23 From Up To
  Mozilla Firefox 47.0.1 and prior versions cpe:2.3:a:mozilla:firefox <= 47.0.1
  Mozilla Firefox Esr 45.1.0 cpe:2.3:a:mozilla:firefox_esr:45.1.0
  Mozilla Firefox Esr 45.1.1 cpe:2.3:a:mozilla:firefox_esr:45.1.1
  Mozilla Firefox Esr 45.2.0 cpe:2.3:a:mozilla:firefox_esr:45.2.0
  Mozilla Firefox Esr 45.3.0 cpe:2.3:a:mozilla:firefox_esr:45.3.0