Home

CVE-2016-2821

Description

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.857

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox (47.0)Windows
Update for Mozilla Firefox x64 (47.0)Windows
Update for Mozilla Firefox (47.0.1)Windows
Update for Mozilla Firefox x64 (47.0.1)Windows
Update for Mozilla Firefox ESR (45.2.0)Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 46.0.1Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 46.0.1Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (47.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (47.0.1)Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.1.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.1.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 46.0.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.1.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.1.0Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 45.2Mac
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.12.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.12.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.15.10.1_i386.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.15.10.1_amd64.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.16.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2993-1) firefox_47.0+build3-0ubuntu0.16.04.1_amd64.debLinux
iceweasel/firefox-esr security update(DSA-3600-1) firefox-esr_45.2.0esr-1~deb8u1_i386.debLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) MozillaFirefox-45.2.0esr-75.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12-SP1 ) MozillaFirefox-branding-SLE-45.0-28.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) MozillaFirefox-debuginfo-45.2.0esr-75.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) MozillaFirefox-debugsource-45.2.0esr-75.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) MozillaFirefox-translations-45.2.0esr-75.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libfreebl3-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libfreebl3-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libfreebl3-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libfreebl3-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Server 12 ) libfreebl3-hmac-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Server 12 ) libfreebl3-hmac-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libsoftokn3-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libsoftokn3-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libsoftokn3-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) libsoftokn3-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Server 12 ) libsoftokn3-hmac-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Server 12 ) libsoftokn3-hmac-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-32bit-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-debuginfo-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-debuginfo-32bit-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nspr-debugsource-4.12-15.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-certs-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-certs-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-certs-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-debugsource-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-sysinit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-sysinit-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-sysinit-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-tools-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1691-1(SUSE Linux Enterprise Desktop 12 ) mozilla-nss-tools-debuginfo-3.21.1-46.2.x86_64.rpmLinux
SUSE-SU-2016:1799-1(SUSE Linux Enterprise Server 11-SP4 ) firefox-fontconfig-2.11.0-2.1.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-344482Mozilla Firefox (134.0.1)
PATCH-302212Update for Mozilla Firefox x64 (47.0)
PATCH-344482Mozilla Firefox (134.0.1)
PATCH-302214Update for Mozilla Firefox x64 (47.0.1)
PATCH-302297Update for Mozilla Firefox ESR (45.2.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234