← Voltar para CVEs
CVE-2016-2837
N/ADescricao
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado8/5/2016
Ultima modificacao4/12/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
mozilla:firefoxoracle:linux
Fraquezas (CWE)
CWE-119
Referencias
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html(security@mozilla.org)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html(security@mozilla.org)
http://rhn.redhat.com/errata/RHSA-2016-1551.html(security@mozilla.org)
http://www.debian.org/security/2016/dsa-3640(security@mozilla.org)
http://www.mozilla.org/security/announce/2016/mfsa2016-77.html(security@mozilla.org)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html(security@mozilla.org)
http://www.securityfocus.com/bid/92258(security@mozilla.org)
http://www.securitytracker.com/id/1036508(security@mozilla.org)
http://www.ubuntu.com/usn/USN-3044-1(security@mozilla.org)
http://www.zerodayinitiative.com/advisories/ZDI-16-673(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1274637(security@mozilla.org)
https://security.gentoo.org/glsa/201701-15(security@mozilla.org)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-1551.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3640(af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2016/mfsa2016-77.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92258(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036508(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3044-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-16-673(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1274637(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-15(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.