Home

CVE-2016-2819

Description

Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
65.031

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox (47.0)Windows
Update for Mozilla Firefox x64 (47.0)Windows
Update for Mozilla Firefox (47.0.1)Windows
Update for Mozilla Firefox x64 (47.0.1)Windows
Update for Mozilla Firefox ESR (45.2.0)Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 46.0.1Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 46.0.1Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (47.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (47.0.1)Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.1.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.1.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 46.0.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.1.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.1.0Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 45.2Mac
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.12.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.12.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.15.10.1_i386.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.15.10.1_amd64.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.16.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.16.04.1_amd64.debLinux
iceweasel/firefox-esr security update(DSA-3600-1) firefox-esr_45.2.0esr-1~deb8u1_i386.debLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) MozillaFirefox-45.2.0esr-75.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12-SP1 ) MozillaFirefox-branding-SLE-45.0-28.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) MozillaFirefox-debuginfo-45.2.0esr-75.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) MozillaFirefox-debugsource-45.2.0esr-75.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) MozillaFirefox-translations-45.2.0esr-75.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libfreebl3-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libfreebl3-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libfreebl3-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libfreebl3-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Server 12 ) libfreebl3-hmac-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Server 12 ) libfreebl3-hmac-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libsoftokn3-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libsoftokn3-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libsoftokn3-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libsoftokn3-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Server 12 ) libsoftokn3-hmac-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Server 12 ) libsoftokn3-hmac-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-32bit-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-debuginfo-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-debuginfo-32bit-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-debugsource-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-certs-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-certs-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-certs-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-debugsource-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-sysinit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-sysinit-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-sysinit-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-tools-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-tools-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1799-1(SUSE Linux Enterprise Server 11-SP4 ) firefox-fontconfig-2.11.0-2.1.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-344482Mozilla Firefox (134.0.1)
PATCH-302212Update for Mozilla Firefox x64 (47.0)
PATCH-344482Mozilla Firefox (134.0.1)
PATCH-302214Update for Mozilla Firefox x64 (47.0.1)
PATCH-302297Update for Mozilla Firefox ESR (45.2.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234