SB2016092215 - Arbitrary code execution in Mozilla Firefox
Published: September 22, 2016 Updated: January 11, 2017
Security Bulletin ID
SB2016092215
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Arbitrary code execution (CVE-ID: CVE-2016-5272)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability may lead to arbitrary code execution on the target system.
The weakness exists during processing layout with input element. invalid cast in nsImageGeometryMixin(). An invalid cast in nsImageGeometryMixin() can cause a potentially exploitable crash.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Install update from vendor's website.