9.8
CVE-2016-5257
- EPSS 4.24%
- Veröffentlicht 22.09.2016 22:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- CVE-Watchlists
- Unerledigt
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.24% | 0.897 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://security.gentoo.org/glsa/201701-15
http://rhn.redhat.com/errata/RHSA-2016-1912.html
http://www.debian.org/security/2016/dsa-3674
https://www.mozilla.org/security/advisories/mfsa2016-86/
https://www.mozilla.org/security/advisories/mfsa2016-88/
http://www.securitytracker.com/id/1036852
http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
http://rhn.redhat.com/errata/RHSA-2016-1985.html
http://www.debian.org/security/2016/dsa-3690
http://www.securityfocus.com/bid/93049
https://bugzilla.mozilla.org/show_bug.cgi?id=1277213
https://bugzilla.mozilla.org/show_bug.cgi?id=1287204
https://bugzilla.mozilla.org/show_bug.cgi?id=1288555
https://bugzilla.mozilla.org/show_bug.cgi?id=1288588
https://bugzilla.mozilla.org/show_bug.cgi?id=1288780
https://bugzilla.mozilla.org/show_bug.cgi?id=1289280
https://bugzilla.mozilla.org/show_bug.cgi?id=1293347
https://bugzilla.mozilla.org/show_bug.cgi?id=1294095
https://bugzilla.mozilla.org/show_bug.cgi?id=1294407