{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-15T09:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "RHSA-2016:1809", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1809.html"}, {"name": "DSA-3640", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3640"}, {"name": "1036508", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036508"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765"}, {"name": "USN-3044-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3044-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823"}, {"name": "RHSA-2016:1551", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578"}, {"name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079"}, {"name": "openSUSE-SU-2016:1964", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"}, {"name": "92261", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92261"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=822081"}, {"name": "openSUSE-SU-2016:2026", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2016-2836", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2016:1809", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1809.html"}, {"name": "DSA-3640", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3640"}, {"name": "1036508", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036508"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765"}, {"name": "USN-3044-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3044-1"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502"}, {"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823"}, {"name": "RHSA-2016:1551", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578"}, {"name": "GLSA-201701-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-15"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079"}, {"name": "openSUSE-SU-2016:1964", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"}, {"name": "92261", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92261"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=822081", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=822081"}, {"name": "openSUSE-SU-2016:2026", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:32:21.335Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2016:1809", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1809.html"}, {"name": "DSA-3640", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3640"}, {"name": "1036508", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036508"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765"}, {"name": "USN-3044-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3044-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823"}, {"name": "RHSA-2016:1551", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578"}, {"name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079"}, {"name": "openSUSE-SU-2016:1964", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"}, {"name": "92261", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92261"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=822081"}, {"name": "openSUSE-SU-2016:2026", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2016-2836", "datePublished": "2016-08-05T01:00:00", "dateReserved": "2016-03-01T00:00:00", "dateUpdated": "2024-08-05T23:32:21.335Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "1456CC69-6E37-4C75-8D9A-172ED8A571EB", "versionEndIncluding": "47.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B877383B-F7B3-433F-B7B0-2B1C731504F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F18C6F4-5C04-4E4B-A2CC-29C5338F0CD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD9B460C-3328-44DC-AA80-EDE2E46AF787", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD5D9DC4-4D18-4491-BE90-CAE21CA1AA96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con Http2Session::Shutdown y SpdySession31::Shutdown y otros vectores."}], "id": "CVE-2016-2836", "lastModified": "2017-08-16T01:29:06.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-05T01:59:02.500", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-1809.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2016/dsa-3640"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/92261"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1036508"}, {"source": "security@mozilla.org", "url": "http://www.ubuntu.com/usn/USN-3044-1"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=822081"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201701-15"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Phil Ringnalda, and Philipp as the original reporters.", "affected_release": [{"advisory": "RHSA-2016:1551", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:45.3.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-08-03T00:00:00Z"}, {"advisory": "RHSA-2016:1809", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "important", "package": "thunderbird-0:45.3.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-09-05T00:00:00Z"}, {"advisory": "RHSA-2016:1551", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:45.3.0-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-08-03T00:00:00Z"}, {"advisory": "RHSA-2016:1809", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "important", "package": "thunderbird-0:45.3.0-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-09-05T00:00:00Z"}, {"advisory": "RHSA-2016:1551", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:45.3.0-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-08-03T00:00:00Z"}, {"advisory": "RHSA-2016:1809", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "important", "package": "thunderbird-0:45.3.0-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-09-05T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Miscellaneous memory safety hazards (rv:45.3) (MFSA 2016-62)", "id": "1361974", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361974"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors."], "name": "CVE-2016-2836", "public_date": "2016-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-2836\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2836\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-62.html"], "threat_severity": "Critical"}