9.8

CVE-2016-5281

Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 48.0.2
MozillaFirefox Version45.0
MozillaFirefox Version45.0.1
MozillaFirefox Version45.0.2
MozillaFirefox Version45.1.1
MozillaFirefox Version45.2.0
MozillaFirefox Version45.3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.04% 0.912
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://security.gentoo.org/glsa/201701-15
http://rhn.redhat.com/errata/RHSA-2016-1912.html
http://www.debian.org/security/2016/dsa-3674
https://www.mozilla.org/security/advisories/mfsa2016-86/
https://www.mozilla.org/security/advisories/mfsa2016-88/
http://www.securitytracker.com/id/1036852
http://www.mozilla.org/security/announce/2016/mfsa2016-85.html
Vendor Advisory
Release Notes
http://www.securityfocus.com/bid/93049
http://www.geeknik.net/7gr1u98b9
Not Applicable
https://bugzilla.mozilla.org/show_bug.cgi?id=1284690
Third Party Advisory
VDB Entry
Issue Tracking