{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-11T20:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294407"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1293347"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-86/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1289280"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288780"}, {"name": "DSA-3674", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3674"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1287204"}, {"name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1277213"}, {"name": "RHSA-2016:1985", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1985.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288588"}, {"name": "DSA-3690", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3690"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294095"}, {"name": "RHSA-2016:1912", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288555"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-88/"}, {"name": "93049", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93049"}, {"name": "1036852", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036852"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2016-5257", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294407", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294407"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1293347", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1293347"}, {"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2016-86/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2016-86/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1289280", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1289280"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288780", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288780"}, {"name": "DSA-3674", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3674"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1287204", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1287204"}, {"name": "GLSA-201701-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-15"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1277213", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1277213"}, {"name": "RHSA-2016:1985", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1985.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288588", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288588"}, {"name": "DSA-3690", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3690"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294095", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294095"}, {"name": "RHSA-2016:1912", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288555", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288555"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2016-88/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2016-88/"}, {"name": "93049", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93049"}, {"name": "1036852", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036852"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:53:49.003Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294407"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1293347"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-86/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1289280"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288780"}, {"name": "DSA-3674", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3674"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1287204"}, {"name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1277213"}, {"name": "RHSA-2016:1985", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1985.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288588"}, {"name": "DSA-3690", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3690"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294095"}, {"name": "RHSA-2016:1912", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288555"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-88/"}, {"name": "93049", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93049"}, {"name": "1036852", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036852"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2016-5257", "datePublished": "2016-09-22T22:00:00", "dateReserved": "2016-06-03T00:00:00", "dateUpdated": "2024-08-06T00:53:49.003Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "C56407AD-F303-4E6E-A64E-4AFA23BFB739", "versionEndIncluding": "48.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B877383B-F7B3-433F-B7B0-2B1C731504F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F18C6F4-5C04-4E4B-A2CC-29C5338F0CD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD9B460C-3328-44DC-AA80-EDE2E46AF787", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD5D9DC4-4D18-4491-BE90-CAE21CA1AA96", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 permiten a los atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y cierre inesperado de la aplicaci\u00f3n) o, posiblemente, ejecutar c\u00f3digo arbitrario mediante vectores no conocidos."}], "id": "CVE-2016-5257", "lastModified": "2018-06-12T01:29:00.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-22T22:59:02.647", "references": [{"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html"}, {"source": "security@mozilla.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-1985.html"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2016/dsa-3674"}, {"source": "security@mozilla.org", "url": "http://www.debian.org/security/2016/dsa-3690"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"}, {"source": "security@mozilla.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"source": "security@mozilla.org", "url": "http://www.securityfocus.com/bid/93049"}, {"source": "security@mozilla.org", "url": "http://www.securitytracker.com/id/1036852"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1277213"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1287204"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288555"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288588"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1288780"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1289280"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1293347"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294095"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1294407"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201701-15"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2016-86/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2016-88/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Byron Campen, Carsten Book, Christoph Diehl, Dan Minor, Jon Coppeard, Mozilla developers, Philipp, Steve Fink, and Tyson Smith as the original reporters.", "affected_release": [{"advisory": "RHSA-2016:1912", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:45.4.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-09-21T00:00:00Z"}, {"advisory": "RHSA-2016:1985", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "important", "package": "thunderbird-0:45.4.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-10-03T00:00:00Z"}, {"advisory": "RHSA-2016:1912", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:45.4.0-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-09-21T00:00:00Z"}, {"advisory": "RHSA-2016:1985", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "important", "package": "thunderbird-0:45.4.0-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-10-03T00:00:00Z"}, {"advisory": "RHSA-2016:1912", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:45.4.0-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-09-21T00:00:00Z"}, {"advisory": "RHSA-2016:1985", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "important", "package": "thunderbird-0:45.4.0-1.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-10-03T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Memory safety bugs fixed in Firefox ESR 45.4 (MFSA 2016-85, MFSA 2016-86)", "id": "1377543", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377543"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."], "name": "CVE-2016-5257", "public_date": "2016-09-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-5257\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5257\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"], "threat_severity": "Critical"}