Lucene search
Ca0nguyenZDI-16-198HistoryMar 11, 2016 - 12:00 a.m.
Mozilla Firefox nsHtml5TreeBuilder Array Indexing Remote Code Execution Vulnerability
2016-03-1100:00:00
ca0nguyen
www.zerodayinitiative.com
42
0.963 High
EPSS
Percentile
99.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTML5 end tags. The issue lies in the failure to check for an index becoming negative, allowing for out-of-bounds indexing. An attacker can leverage this vulnerability to execute code within the context of the current process.
Related
debiancve
debiancve
CVE-2016-1960
2016-03-13 18:59:09
cve
cve
CVE-2016-1960
2016-03-13 18:59:09
exploitpack
exploitpack
Mozilla Firefox 45.0 - nsHtml5TreeBuilder Use-After-Free (EMET 5.52 Bypass)
2017-08-18 00:00:00
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00
mozilla
mozilla
Use-after-free in HTML5 string parser — Mozilla
2016-03-08 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2016-23) - Linux
2021-11-08 00:00:00
CentOS Update for thunderbird CESA-2016:0460 centos7
2016-03-17 00:00:00
Mageia: Security Advisory (MGASA-2016-0115)
2016-03-17 00:00:00
zdt
zdt
packetstorm
packetstorm
Mozilla Firefox nsHtml5TreeBuilder Use-After-Free
2017-08-20 00:00:00
Firefox 44.0.2 ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00
ubuntucve
ubuntucve
CVE-2016-1960
2016-03-08 00:00:00
prion
prion
Integer overflow
2016-03-13 18:59:00
nvd
nvd
CVE-2016-1960
2016-03-13 18:59:09
cvelist
cvelist
CVE-2016-1960
2016-03-13 18:00:00
exploitdb
exploitdb
Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass)
2017-08-18 00:00:00
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
2018-03-16 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2016-03-16 00:00:00
firefox security update
2016-03-09 00:00:00
redhat
redhat
(RHSA-2016:0460) Important: thunderbird security update
2016-03-16 00:00:00
(RHSA-2016:0373) Critical: firefox security update
2016-03-09 00:00:00
centos
centos
thunderbird security update
2016-03-16 17:52:15
firefox security update
2016-03-09 06:42:15
nessus
nessus
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20160316)
2016-03-17 00:00:00
FreeBSD : mozilla -- multiple vulnerabilities (2225c5b4-1e5a-44fc-9920-b3201c384a15)
2016-03-09 00:00:00
Debian DSA-3520-1 : icedove - security update
2016-03-21 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2016-04-27 00:00:00
Firefox regressions
2016-04-19 00:00:00
Firefox regressions
2016-04-07 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2016-03-16 21:07:23
Updated firefox packages fix security vulnerabilities
2016-03-10 01:57:53
debian
debian
[SECURITY] [DSA 3520-1] icedove security update
2016-03-18 21:06:06
[SECURITY] [DSA 3510-1] iceweasel security update
2016-03-09 18:27:44
archlinux
archlinux
thunderbird: multiple issues
2016-03-20 00:00:00
firefox: multiple issues
2016-03-09 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-03-08 00:00:00
veracode
veracode
Buffer Over-Read
2019-05-02 05:27:26
NULL Pointer Dereference
2019-05-02 05:27:24
Use-After-Free
2019-05-02 05:27:24
osv
osv
iceweasel - security update
2016-03-09 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2016-03-26 17:08:36
Security update for Mozilla Thunderbird (important)
2016-07-11 00:08:02
Security update for MozillaFirefox (important)
2016-03-18 18:12:42
kaspersky
kaspersky
KLA10765 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-03-08 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00