Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.7 allows remote malicious users to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle linux 5.0 |
||
oracle linux 6 |
||
oracle linux 7 |
||
mozilla firefox esr 38.3.0 |
||
mozilla firefox esr 38.2.1 |
||
mozilla firefox esr 38.2.0 |
||
mozilla thunderbird |
||
mozilla firefox esr 38.6.0 |
||
mozilla firefox esr 38.5.1 |
||
mozilla firefox esr 38.0.5 |
||
mozilla firefox esr 38.0.1 |
||
mozilla firefox esr 38.5.0 |
||
mozilla firefox esr 38.4.0 |
||
mozilla firefox esr 38.0 |
||
mozilla firefox |
||
mozilla firefox esr 38.6.1 |
||
mozilla firefox esr 38.1.1 |
||
mozilla firefox esr 38.1.0 |
||
opensuse opensuse 13.2 |
||
opensuse opensuse 13.1 |
||
suse linux enterprise 12.0 |
||
opensuse leap 42.1 |