CVE-2016-2828

EPSS 2.1%
Published 13.06.2016 10:59:10
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

Affected products Warnungen 0 Metrics 3 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version15.10

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Opensuse ≫ Leap Version42.1

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Mozilla ≫ Firefox Version <= 46.0.1

Mozilla ≫ Firefox Version45.1.0

Mozilla ≫ Firefox Version45.1.1

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.1%	0.835

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html

http://www.securityfocus.com/bid/91075

http://www.securitytracker.com/id/1036057

http://www.ubuntu.com/usn/USN-2993-1

http://www.debian.org/security/2016/dsa-3600

https://access.redhat.com/errata/RHSA-2016:1217

http://www.mozilla.org/security/announce/2016/mfsa2016-56.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1223810

https://nvd.nist.gov/vuln/detail/CVE-2016-2828

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2828

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2828

EUVD