CVE-2016-5270
Mozilla: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString (MFSA 2016-85, MFSA 2016-86)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.
Desbordamiento de búfer basado en memoria dinámica (heap) en la función nsCaseTransformTextRunFactory::TransformString en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 permite que los atacantes remotos provoquen una denegación de servicio (escritura de valores boleanos fuera de límites) o, posiblemente, provocar otro impacto no especificado mediante caracteres unicode que se manejan incorrectamente durante la conversión de texto.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-06-03 CVE Reserved
- 2016-09-21 CVE Published
- 2023-12-24 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/93049 | Vdb Entry | |
| http://www.securitytracker.com/id/1036852 | Vdb Entry | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1291016 | Issue Tracking | |
| https://www.mozilla.org/security/advisories/mfsa2016-86 | X_refsource_confirm | |
| https://www.mozilla.org/security/advisories/mfsa2016-88 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-1912.html | 2018-06-12 | |
| http://www.debian.org/security/2016/dsa-3674 | 2018-06-12 | |
| http://www.mozilla.org/security/announce/2016/mfsa2016-85.html | 2018-06-12 | |
| https://security.gentoo.org/glsa/201701-15 | 2018-06-12 | |
| https://access.redhat.com/security/cve/CVE-2016-5270 | 2016-09-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1377552 | 2016-09-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 48.0.2 Search vendor "Mozilla" for product "Firefox" and version " <= 48.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 45.1.0 Search vendor "Mozilla" for product "Firefox Esr" and version "45.1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 45.1.1 Search vendor "Mozilla" for product "Firefox Esr" and version "45.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 45.2.0 Search vendor "Mozilla" for product "Firefox Esr" and version "45.2.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 45.3.0 Search vendor "Mozilla" for product "Firefox Esr" and version "45.3.0" | - |
Affected
| ||||||