JSON View XML View

Key Value
MTID M116523
Title Mozilla Firefox /Firefox ESR DOM Use-After-Free Remote Code Execution
Description A vulnerability in some versions of Mozilla Firefox and Firefox ESR could lead to remote code execution.
Observation A vulnerability in some versions of Mozilla Firefox and Firefox ESR could lead to remote code execution.

The flaw occurs while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. Successful exploitation by a remote attacker could result in the execution of arbitrary code.
Recommendation The vendor has released an update to address the issue:

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/

Vendor Mozilla
Attack Vector Malicious remote network traffic
Importance 9
Impact 10.00084536000
Threat Score 9.33
Labels
References
CVECVE-2016-9899
DISA IAVA2016-A-0342
MTIDM116523
CPEs
cpe:/a:mozilla:firefox_esr:45.5
cpe:/a:mozilla:firefox:50.0.2
Created At 2016-12-13 00:00:00 UTC
Updated At 2017-02-16 15:09:53 UTC

Back