UBUNTU-CVE-2016-5261

Details

Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.

Affected Packages

Ubuntu:14.04:LTSfirefox

Affected versions:

24.0+build1-0ubuntu125.0+build3-0ubuntu0.13.10.128.0+build1-0ubuntu128.0+build2-0ubuntu128.0+build2-0ubuntu228.0~b2+build1-0ubuntu229.0+build1-0ubuntu0.14.04.230.0+build1-0ubuntu0.14.04.331.0+build1-0ubuntu0.14.04.132.0+build1-0ubuntu0.14.04.1+32 more

Fixed in:

48.0+build2-0ubuntu0.14.04.1

Ubuntu:16.04:LTSfirefox

Affected versions:

41.0.2+build2-0ubuntu142.0+build2-0ubuntu144.0+build3-0ubuntu244.0.1+build1-0ubuntu144.0.2+build1-0ubuntu145.0+build2-0ubuntu145.0.1+build1-0ubuntu145.0.2+build1-0ubuntu146.0+build5-0ubuntu0.16.04.246.0.1+build1-0ubuntu0.16.04.2+1 more

Fixed in:

48.0+build2-0ubuntu0.16.04.1

References

REPORThttps://bugzilla.mozilla.org/show_bug.cgi?id=1287266 REPORThttps://ubuntu.com/security/CVE-2016-5261 REPORThttps://ubuntu.com/security/notices/USN-3044-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2016-5261 REPORThttps://www.mozilla.org/en-US/security/advisories/mfsa2016-75/

UBUNTU-CVE-2016-5261

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline