ByteOS Network

Vulnerability Details :

CVE-2016-5297

Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe

Published At-11 Jun, 2018 | 21:00

Updated At-06 Aug, 2024 | 00:53

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mozilla

Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe

Published At:11 Jun, 2018 | 21:00

Updated At:06 Aug, 2024 | 00:53

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Mozilla Corporation

Product

Thunderbird

Versions

Affected

From unspecified before 45.5 (custom)

Vendor

Mozilla Corporation

Product

Firefox ESR

Versions

Affected

From unspecified before 45.5 (custom)

Vendor

Mozilla Corporation

Product

Firefox

Versions

Affected

From unspecified before 50 (custom)

Problem Types

Type	CWE ID	Description
text	N/A	Incorrect argument length checking in JavaScript

Type: text

CWE ID: N/A

Description: Incorrect argument length checking in JavaScript

References

Hyperlink	Resource
https://www.debian.org/security/2016/dsa-3730	vendor-advisory x_refsource_DEBIAN
http://www.securitytracker.com/id/1037298	vdb-entry x_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-15	vendor-advisory x_refsource_GENTOO
https://bugzilla.mozilla.org/show_bug.cgi?id=1303678	x_refsource_CONFIRM
http://www.securityfocus.com/bid/94336	vdb-entry x_refsource_BID
https://www.mozilla.org/security/advisories/mfsa2016-93/	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2780.html	vendor-advisory x_refsource_REDHAT
https://www.mozilla.org/security/advisories/mfsa2016-89/	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2016-90/	x_refsource_CONFIRM

Hyperlink: https://www.debian.org/security/2016/dsa-3730

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://www.securitytracker.com/id/1037298

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://security.gentoo.org/glsa/201701-15

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1303678

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/94336

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2016-93/

Resource:

x_refsource_CONFIRM

Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2780.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2016-89/

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2016-90/

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.debian.org/security/2016/dsa-3730	vendor-advisory x_refsource_DEBIAN x_transferred
http://www.securitytracker.com/id/1037298	vdb-entry x_refsource_SECTRACK x_transferred
https://security.gentoo.org/glsa/201701-15	vendor-advisory x_refsource_GENTOO x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1303678	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/94336	vdb-entry x_refsource_BID x_transferred
https://www.mozilla.org/security/advisories/mfsa2016-93/	x_refsource_CONFIRM x_transferred
http://rhn.redhat.com/errata/RHSA-2016-2780.html	vendor-advisory x_refsource_REDHAT x_transferred
https://www.mozilla.org/security/advisories/mfsa2016-89/	x_refsource_CONFIRM x_transferred
https://www.mozilla.org/security/advisories/mfsa2016-90/	x_refsource_CONFIRM x_transferred

Hyperlink: https://www.debian.org/security/2016/dsa-3730

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://www.securitytracker.com/id/1037298

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: https://security.gentoo.org/glsa/201701-15

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1303678

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/94336

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2016-93/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-2780.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2016-89/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2016-90/

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@mozilla.org

Published At:11 Jun, 2018 | 21:29

Updated At:30 Jul, 2018 | 12:53

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Mozilla Corporation

>>firefox>>Versions before 50.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox_esr>>Versions before 45.5.0(exclusive)

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>Versions before 45.5.0(exclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-190	Primary	nvd@nist.gov

CWE ID: CWE-190

Type: Primary

Source: nvd@nist.gov