Published: 13/03/2016 Updated: 03/12/2016

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The setAttr function in Graphite 2 prior to 1.3.6, as used in Mozilla Firefox prior to 45.0 and Firefox ESR 38.x prior to 38.6.1, allows remote malicious users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sil graphite2
mozilla firefox esr 38.4.0
mozilla firefox esr 38.3.0
mozilla firefox esr 38.0
mozilla firefox esr 38.2.1
mozilla firefox esr 38.2.0
mozilla firefox esr 38.5.1
mozilla firefox esr 38.5.0
mozilla firefox esr 38.0.5
mozilla firefox esr 38.0.1
mozilla firefox
mozilla firefox esr 38.6.0
mozilla firefox esr 38.1.1
mozilla firefox esr 38.1.0

Mozilla Foundation Security Advisory 2016-38 Out-of-bounds write with malicious font in Graphite 2 Announced March 8, 2016 Reporter James Clawson Impact Critical Products Firefox, Firefox ESR Fixed in ...

CWE-119 https://bugzilla.mozilla.org/show_bug.cgi?id=1242322 http://www.mozilla.org/security/announce/2016/mfsa2016-38.html https://security.gentoo.org/glsa/201605-06 http://www.securitytracker.com/id/1035215 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-1969

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect