CVE-2016-2808

MEDIUM

Description

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00057.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html

http://rhn.redhat.com/errata/RHSA-2016-0695.html

http://www.debian.org/security/2016/dsa-3559

http://www.mozilla.org/security/announce/2016/mfsa2016-47.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securitytracker.com/id/1035692

http://www.ubuntu.com/usn/USN-2936-1

http://www.ubuntu.com/usn/USN-2936-2

http://www.ubuntu.com/usn/USN-2936-3

https://bugzilla.mozilla.org/show_bug.cgi?id=1246061

https://security.gentoo.org/glsa/201701-15

Details

Source: MITRE

Published: 2016-04-30

Updated: 2017-07-01

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.6

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:mozilla:firefox:45.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 45.0.2 (inclusive)

cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.7.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.7.1:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

ID	Name	Product	Family	Severity
96276	GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32)	Nessus	Gentoo Local Security Checks	critical
9380	Mozilla Firefox < 46.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
9379	Mozilla Firefox ESR 45.x < 45.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
9378	Mozilla Firefox ESR < 38.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
91298	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1374-1)	Nessus	SuSE Local Security Checks	critical
91281	SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2016:1352-1)	Nessus	SuSE Local Security Checks	critical
91255	Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : firefox regression (USN-2936-3)	Nessus	Ubuntu Local Security Checks	critical
91250	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1342-1)	Nessus	SuSE Local Security Checks	critical
91069	openSUSE Security Update : Firefox 46.0 (openSUSE-2016-566) (SWEET32)	Nessus	SuSE Local Security Checks	critical
90994	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:1258-1)	Nessus	SuSE Local Security Checks	critical
90932	openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-541)	Nessus	SuSE Local Security Checks	critical
90855	Ubuntu 12.04 LTS : oxygen-gtk3 update (USN-2936-2)	Nessus	Ubuntu Local Security Checks	critical
90793	Firefox < 46 Multiple Vulnerabilities	Nessus	Windows	critical
90792	Firefox ESR 45.x < 45.1 Multiple Vulnerabilities	Nessus	Windows	critical
90791	Firefox ESR < 38.8 Multiple Vulnerabilities	Nessus	Windows	critical
90790	Firefox < 46 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
90789	Firefox ESR 45.x < 45.1 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
90788	Firefox ESR < 38.8 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
90767	Debian DSA-3559-1 : iceweasel - security update	Nessus	Debian Local Security Checks	critical
90753	Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
90750	RHEL 5 / 6 / 7 : firefox (RHSA-2016:0695)	Nessus	Red Hat Local Security Checks	critical
90747	Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-0695)	Nessus	Oracle Linux Local Security Checks	critical
90741	FreeBSD : mozilla -- multiple vulnerabilities (92d44f83-a7bf-41cf-91ee-3d1b8ecf579f)	Nessus	FreeBSD Local Security Checks	critical
90723	CentOS 5 / 6 / 7 : firefox (CESA-2016:0695)	Nessus	CentOS Local Security Checks	critical