CVE-2016-2839

Description

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.748

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox (48.0)	Windows
Update for Mozilla Firefox x64 (48.0)	Windows
Update for Mozilla Firefox ESR (45.3.0)	Windows
Update for Mozilla Firefox (48.0.1)	Windows
Update for Mozilla Firefox x64 (48.0.1)	Windows
Update for Mozilla Firefox (48.0.2)	Windows
Update for Mozilla Firefox x64 (48.0.2)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-302216	Update for Mozilla Firefox x64 (48.0)
PATCH-302298	Update for Mozilla Firefox ESR (45.3.0)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304013	Update for Mozilla Firefox x64 (48.0.1)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304032	Update for Mozilla Firefox x64 (48.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234