CVE Vulnerabilities

CVE-2016-1962

Published: Mar 13, 2016 | Modified: Dec 27, 2019
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections.

Affected Software

Name Vendor Start Version End Version
Firefox_esr Mozilla 38.0 38.0
Firefox_esr Mozilla 38.2.1 38.2.1
Firefox_esr Mozilla 38.1.0 38.1.0
Firefox_esr Mozilla 38.2.0 38.2.0
Firefox_esr Mozilla 38.6.1 38.6.1
Firefox_esr Mozilla 38.4.0 38.4.0
Firefox_esr Mozilla 38.3.0 38.3.0
Firefox_esr Mozilla 38.5.1 38.5.1
Firefox_esr Mozilla 38.0.5 38.0.5
Firefox_esr Mozilla 38.0.1 38.0.1
Firefox_esr Mozilla 38.5.0 38.5.0
Firefox_esr Mozilla 38.6.0 38.6.0
Firefox_esr Mozilla 38.1.1 38.1.1
Firefox Mozilla * 44.0.2

References