CVE-2016-5271

CVSS v3.0 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.84 % (82^th)

Affected Products 1

Advisories 5

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in conjunction with a "display: contents" Cascading Style Sheets (CSS) property.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-09-22 22:59:04
(8 years ago)
Updated Date: 2017-07-30 01:29:08
(7 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 48.0.2 and prior versions	cpe:2.3:a:mozilla:firefox		<= 48.0.2