CVE-2016-2812

Published: 30/04/2016 Updated: 01/07/2017

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 454

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox prior to 46.0 allows remote malicious users to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

USN-2936-1 introduced a regression in Firefox ...

USN-2936-1 caused Firefox to crash on startup with the Oxygen GTK theme ...

Mozilla Foundation Security Advisory 2016-42 Use-after-free and buffer overflow in Service Workers Announced April 26, 2016 Reporter Looben Yang Impact High Products Firefox Fixed in ...

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 460 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site ...

CWE-362 https://bugzilla.mozilla.org/show_bug.cgi?id=1261776 http://www.mozilla.org/security/announce/2016/mfsa2016-42.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.html http://www.ubuntu.com/usn/USN-2936-1 http://www.ubuntu.com/usn/USN-2936-2 http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html http://www.ubuntu.com/usn/USN-2936-3 http://www.securitytracker.com/id/1035692 https://security.gentoo.org/glsa/201701-15 https://nvd.nist.gov https://usn.ubuntu.com/2936-1/

CVE-2016-2812

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect