CVE-2016-1960 – Mozilla Firefox nsHtml5TreeBuilder Array Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1960
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Desbordamiento inferior de entero en la clase nsHtml5TreeBuilder en el intérprete de cadenas HTML5 en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (uso después de liberación de memoria) mediante el aprovechamiento del manejo incorrecto de las etiquetas finales, según lo demostrado por el procesamiento incorrecto de SVG, también conocido como ZDI-CAN-3545. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTML5 end tags. The issue lies in the failure to check for an index becoming negative, allowing for out-of-bounds indexing. • https://www.exploit-db.com/exploits/44294 https://www.exploit-db.com/exploits/42484 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security •
CVE-2016-1966 – Mozilla: Memory corruption with malicious NPAPI plugin (MFSA 2016-31)
https://notcve.org/view.php?id=CVE-2016-1966
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. La función nsNPObjWrapper::GetNewOrUsed en dom/plugins/base/nsJSNPRuntime.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero no válida y corrupción de memoria) a través de un plugin NPAPI manipulado. • http://hg.mozilla.org/releases/mozilla-release/rev/f0d2911a9a4e http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.htm •
CVE-2016-2794 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2794
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. La función graphite2::TtfUtil::CmapSubtable12NextCodepoint en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer) o posiblemente tener otro impacto no especificado a través de una fuente inteligente Graphite manipulada. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-2797 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2797
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. La función graphite2::TtfUtil::CmapSubtable12Lookup en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer) o posiblemente tener otro impacto no especificado a través de una fuente inteligente Graphite manipulada, una vulnerabilidad diferente a CVE-2016-2801. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1962 – Mozilla: Use-after-free when using multiple WebRTC data channels (MFSA 2016-25)
https://notcve.org/view.php?id=CVE-2016-1962
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. Vulnerabilidad de uso después de liberación de memoria en la función mozilla::DataChannelConnection::Close en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento del manejo incorrecto de las conexiones del canal de datos WebRTC. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-416: Use After Free •