CVE-2016-2836 - Vulnerability Details

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:45.1.0:::::::*
	cpe:2.3:a:mozilla:firefox:45.1.1:::::::*
	cpe:2.3:a:mozilla:firefox:45.2.0:::::::*
	cpe:2.3:a:mozilla:firefox:45.3.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
firefox-0:45.3.0-1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2016:1551	2016-08-03T00:00:00Z
thunderbird-0:45.3.0-1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2016:1809	2016-09-05T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:45.3.0-1.el6_8	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:1551	2016-08-03T00:00:00Z
thunderbird-0:45.3.0-1.el6_8	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:1809	2016-09-05T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:45.3.0-1.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:1551	2016-08-03T00:00:00Z
thunderbird-0:45.3.0-1.el7_2	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:1809	2016-09-05T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
http://rhn.redhat.com/errata/RHSA-2016-1551.html
http://rhn.redhat.com/errata/RHSA-2016-1809.html
http://www.debian.org/security/2016/dsa-3640
http://www.mozilla.org/security/announce/2016/mfsa2016-62.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/92261
http://www.securitytracker.com/id/1036508
http://www.ubuntu.com/usn/USN-3044-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1154923
https://bugzilla.mozilla.org/show_bug.cgi?id=1249578
https://bugzilla.mozilla.org/show_bug.cgi?id=1257765
https://bugzilla.mozilla.org/show_bug.cgi?id=1258079
https://bugzilla.mozilla.org/show_bug.cgi?id=1268626
https://bugzilla.mozilla.org/show_bug.cgi?id=1282502
https://bugzilla.mozilla.org/show_bug.cgi?id=1283823
https://bugzilla.mozilla.org/show_bug.cgi?id=822081
https://nvd.nist.gov/vuln/detail/CVE-2016-2836
https://security.gentoo.org/glsa/201701-15
https://www.cve.org/CVERecord?id=CVE-2016-2836
https://www.mozilla.org/security/announce/2016/mfsa2016-62.html

History

Tue, 22 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:45.1.0:::::::*	cpe:2.3:a:mozilla:firefox:45.1.0:::::::*
Vendors & Products	Mozilla firefox Esr

Mon, 21 Oct 2024 13:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:45.1.1:::::::* cpe:2.3:a:mozilla:firefox_esr:45.2.0:::::::* cpe:2.3:a:mozilla:firefox_esr:45.3.0:::::::*	cpe:2.3:a:mozilla:firefox:45.1.1:::::::* cpe:2.3:a:mozilla:firefox:45.2.0:::::::* cpe:2.3:a:mozilla:firefox:45.3.0:::::::*

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2016-08-05T01:00:00

Updated: 2024-08-05T23:32:21.335Z

Reserved: 2016-03-01T00:00:00

Link: CVE-2016-2836

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-08-05T01:59:02.500

Modified: 2024-11-21T02:48:54.567

Link: CVE-2016-2836

Redhat

Severity : Critical

Publid Date: 2016-08-02T00:00:00Z

Links: CVE-2016-2836 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object