#VU1040 Arbitrary code execution in Mozilla Firefox - CVE-2016-5287
Published: October 21, 2016 / Updated: February 16, 2018
Vulnerability identifier: #VU1040
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-5287
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to insufficient input validation. By tricking the victim to download a specially crafted content, attackers can trigger a use-after-free memory error in nsTArray_base::SwapArrayElements() and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness is due to insufficient input validation. By tricking the victim to download a specially crafted content, attackers can trigger a use-after-free memory error in nsTArray_base::SwapArrayElements() and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Update to version 49.0.2.