Published: 30/04/2016 Updated: 01/07/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox prior to 46.0 allows remote malicious users to execute arbitrary code via vectors related to the BeginReading method.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme ...

USN-2936-1 introduced a regression in Firefox ...

Mozilla Foundation Security Advisory 2016-42 Use-after-free and buffer overflow in Service Workers Announced April 26, 2016 Reporter Looben Yang Impact High Products Firefox Fixed in ...

Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 460 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method ...

NVD-CWE-Other https://bugzilla.mozilla.org/show_bug.cgi?id=1252330 http://www.mozilla.org/security/announce/2016/mfsa2016-42.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.ubuntu.com/usn/USN-2936-3 http://www.securitytracker.com/id/1035692 https://security.gentoo.org/glsa/201701-15 https://nvd.nist.gov https://usn.ubuntu.com/2936-1/

CVE-2016-2811

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect