CVE-2016-5258

2016-08-0300:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.026

Percentile

90.3%

JSON

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox
before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to
execute arbitrary code by leveraging incorrect free operations on DTLS
objects during the shutdown of a WebRTC session.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 48.0+build2-0ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchfirefox< 48.0+build2-0ubuntu0.14.04.1UNKNOWN
ubuntu16.04noarchfirefox< 48.0+build2-0ubuntu0.16.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	firefox	< 48.0+build2-0ubuntu0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	firefox	< 48.0+build2-0ubuntu0.14.04.1	UNKNOWN
ubuntu	16.04	noarch	firefox	< 48.0+build2-0ubuntu0.16.04.1	UNKNOWN