CVE-2016-5276

Published: Sep 22, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.

Affected (5)

Products: Mozilla: Firefox

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 48.0.2
Mozilla Firefox	Version 45.1.0
Mozilla Firefox	Version 45.1.1
Mozilla Firefox	Version 45.2.0
Mozilla Firefox	Version 45.3.0

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (20)

http://rhn.redhat.com/errata/RHSA-2016-1912.html

Source: security@mozilla.org

http://www.debian.org/security/2016/dsa-3674

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2016/mfsa2016-85.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: security@mozilla.org

http://www.securityfocus.com/bid/93049

Source: security@mozilla.org

http://www.securitytracker.com/id/1036852

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1287721

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201701-15

Source: security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2016-86/

Source: security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2016-88/

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2016-1912.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3674

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2016/mfsa2016-85.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/93049

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036852

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1287721

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://security.gentoo.org/glsa/201701-15

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mozilla.org/security/advisories/mfsa2016-86/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mozilla.org/security/advisories/mfsa2016-88/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.