CVE-2016-2811
Published: 27 April 2016
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
precise |
Released
(46.0+build5-0ubuntu0.12.04.2)
|
| trusty |
Released
(46.0+build5-0ubuntu0.14.04.2)
|
|
| upstream |
Released
(46.0)
|
|
| wily |
Released
(46.0+build5-0ubuntu0.15.10.2)
|
|
| xenial |
Released
(46.0+build5-0ubuntu0.16.04.2)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Not vulnerable
|
|
| wily |
Not vulnerable
|
|
| xenial |
Not vulnerable
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |