cnvd - cnvd-2016-06168

cnvd-2016-06168

Vulnerability from cnvd

Title: Mozilla Firefox和Firefox ESR 'mozilla::gfx::BasePoint4d'函数堆缓冲区溢出漏洞

Description:

Mozilla Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本。

Mozilla Firefox和Firefox的‘mozilla::gfx::BasePoint4d’函数中存在堆缓冲区溢出漏洞，允许远程攻击者可利用该漏洞构建恶意WEB页，诱使用户解析，可执行任意代码。

Severity: 中

Patch Name: Mozilla Firefox和Firefox ESR 'mozilla::gfx::BasePoint4d'函数堆缓冲区溢出漏洞的补丁

Patch Description:

Mozilla Firefox是一款开源Web浏览器；Firefox ESR是Firefox的一个延长支持版本。

Mozilla Firefox和Firefox的‘mozilla::gfx::BasePoint4d’函数中存在堆缓冲区溢出漏洞，允许远程攻击者可利用该漏洞构建恶意WEB页，诱使用户解析，可执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.mozilla.org/security/announce/2016/mfsa2016-67.html

Reference: http://www.mozilla.org/security/announce/2016/mfsa2016-67.html

Impacted products

Name
['Mozilla Firefox <48.0', 'Mozilla Firefox ESR 45.*，<45.3']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "92261"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5252"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox\u548cFirefox\u7684\u2018mozilla::gfx::BasePoint4d\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Abhishek Arya (Inferno) of the Google Chrome Security Team,Georg Koppen of the Tor Project,Bert Massop,Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda and Philipp,Christian Holler, Tyson Smith, Boris Zbarsky, By",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.mozilla.org/security/announce/2016/mfsa2016-67.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-06168",
  "openTime": "2016-08-09",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\uff1bFirefox ESR\u662fFirefox\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002\r\n\r\nMozilla Firefox\u548cFirefox\u7684\u2018mozilla::gfx::BasePoint4d\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u548cFirefox ESR \u0027mozilla::gfx::BasePoint4d\u0027\u51fd\u6570\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c48.0",
      "Mozilla Firefox ESR 45.*\uff0c\u003c45.3"
    ]
  },
  "referenceLink": "http://www.mozilla.org/security/announce/2016/mfsa2016-67.html",
  "serverity": "\u4e2d",
  "submitTime": "2016-08-07",
  "title": "Mozilla Firefox\u548cFirefox ESR \u0027mozilla::gfx::BasePoint4d\u0027\u51fd\u6570\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2016-5252 (GCVE-0-2016-5252)

Vulnerability from cvelistv5

Published

2016-08-05 01:00

Modified

2024-08-06 00:53

Severity ?

CWE

Summary

Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.

References

▼	URL	Tags
	http://www.debian.org/security/2016/dsa-3640	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1036508	vdb-entry, x_refsource_SECTRACK
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3044-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-1551.html	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/201701-15	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1268854	x_refsource_CONFIRM
	http://www.mozilla.org/security/announce/2016/mfsa2016-67.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/92261	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:48.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3640",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3640"
          },
          {
            "name": "1036508",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036508"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "USN-3044-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3044-1"
          },
          {
            "name": "RHSA-2016:1551",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
          },
          {
            "name": "GLSA-201701-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268854"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-67.html"
          },
          {
            "name": "openSUSE-SU-2016:1964",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
          },
          {
            "name": "92261",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92261"
          },
          {
            "name": "openSUSE-SU-2016:2026",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "DSA-3640",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3640"
        },
        {
          "name": "1036508",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036508"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "USN-3044-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3044-1"
        },
        {
          "name": "RHSA-2016:1551",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
        },
        {
          "name": "GLSA-201701-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268854"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-67.html"
        },
        {
          "name": "openSUSE-SU-2016:1964",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
        },
        {
          "name": "92261",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92261"
        },
        {
          "name": "openSUSE-SU-2016:2026",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2016-5252",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3640",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3640"
            },
            {
              "name": "1036508",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036508"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "USN-3044-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3044-1"
            },
            {
              "name": "RHSA-2016:1551",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
            },
            {
              "name": "GLSA-201701-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201701-15"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268854",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268854"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-67.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-67.html"
            },
            {
              "name": "openSUSE-SU-2016:1964",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
            },
            {
              "name": "92261",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92261"
            },
            {
              "name": "openSUSE-SU-2016:2026",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2016-5252",
    "datePublished": "2016-08-05T01:00:00",
    "dateReserved": "2016-06-03T00:00:00",
    "dateUpdated": "2024-08-06T00:53:48.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted