CVE-2016-2828 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2016-2828?

CVE-2016-2828 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-2828?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Opensuse Leap, Opensuse Opensuse, Mozilla Firefox, Debian Debian Linux.

Vulnerability Description

Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	12.04
Opensuse	Leap	42.1
Opensuse	Opensuse	13.1
Mozilla	Firefox	<= 46.0.1
Debian	Debian Linux	8.0

References

FAQ

What is CVE-2016-2828?

CVE-2016-2828 is a vulnerability with a CVSS score of 8.8 (HIGH). Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after dest...

How severe is CVE-2016-2828?

CVE-2016-2828 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2828?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Opensuse Leap, Opensuse Opensuse, Mozilla Firefox, Debian Debian Linux.