CVE-2016-2828: Use After Free
First published: Mon Jun 13 2016(Updated: )
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| Ubuntu | =16.04 | |
| SUSE Linux | =42.1 | |
| SUSE Linux | =13.1 | |
| SUSE Linux | =13.2 | |
| Firefox | <=46.0.1 | |
| Firefox | =45.1.0 | |
| Firefox | =45.1.1 | |
| Debian | =8.0 | |
| Firefox ESR | =45.1.0 | |
| Firefox ESR | =45.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
- http://www.debian.org/security/2016/dsa-3600
- http://www.mozilla.org/security/announce/2016/mfsa2016-56.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/91075
- http://www.securitytracker.com/id/1036057
- http://www.ubuntu.com/usn/USN-2993-1
- https://access.redhat.com/errata/RHSA-2016:1217
- https://bugzilla.mozilla.org/show_bug.cgi?id=1223810
Frequently Asked Questions
What is the severity of CVE-2016-2828?
CVE-2016-2828 is classified as a high severity vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2016-2828?
To fix CVE-2016-2828, update Mozilla Firefox to version 47.0 or later, or update Firefox ESR to version 45.2 or later.
What are the affected versions of Firefox for CVE-2016-2828?
Affected versions of Firefox for CVE-2016-2828 include all versions prior to 47.0, as well as Firefox ESR versions before 45.2.
What systems are impacted by CVE-2016-2828?
CVE-2016-2828 affects various Linux distributions such as Ubuntu 12.04, 14.04, 15.10, and 16.04, as well as openSUSE versions 13.1, 13.2, and 42.1.
How does CVE-2016-2828 exploit work?
CVE-2016-2828 exploits a use-after-free vulnerability that can occur in WebGL content, allowing attackers to access destroyed texture pools.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/author
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.10
- version/ubuntu/16.04
- vendor/opensuse
- canonical/suse linux
- version/suse linux/42.1
- version/suse linux/13.1
- version/suse linux/13.2
- vendor/mozilla
- canonical/firefox
- version/firefox/46.0.1
- version/firefox/45.1.0
- version/firefox/45.1.1
- vendor/debian
- canonical/debian
- version/debian/8.0
- canonical/firefox esr
- version/firefox esr/45.1.0
- version/firefox esr/45.1.1