← Volver a CVEs
CVE-2016-2837
N/ADescripcion
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado8/5/2016
Ultima modificacion4/12/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
mozilla:firefoxoracle:linux
Debilidades (CWE)
CWE-119
Referencias
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html(security@mozilla.org)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html(security@mozilla.org)
http://rhn.redhat.com/errata/RHSA-2016-1551.html(security@mozilla.org)
http://www.debian.org/security/2016/dsa-3640(security@mozilla.org)
http://www.mozilla.org/security/announce/2016/mfsa2016-77.html(security@mozilla.org)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html(security@mozilla.org)
http://www.securityfocus.com/bid/92258(security@mozilla.org)
http://www.securitytracker.com/id/1036508(security@mozilla.org)
http://www.ubuntu.com/usn/USN-3044-1(security@mozilla.org)
http://www.zerodayinitiative.com/advisories/ZDI-16-673(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1274637(security@mozilla.org)
https://security.gentoo.org/glsa/201701-15(security@mozilla.org)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-1551.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3640(af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2016/mfsa2016-77.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92258(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036508(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3044-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-16-673(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1274637(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-15(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.