CVE-2016-2824

moderate-risk

Published 2016-06-13

The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.

Do I need to act?

-

0.70% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (6)

Firefox

Opensuse

Firefox

Firefox

Leap

Opensuse

Affected Vendors

Mozilla Opensuse

References (14)

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html

Vendor Advisory http://www.mozilla.org/security/announce/2016/mfsa2016-53.html

http://www.securityfocus.com/bid/91075

http://www.securitytracker.com/id/1036057

https://bugzilla.mozilla.org/show_bug.cgi?id=1248580

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html

Vendor Advisory http://www.mozilla.org/security/announce/2016/mfsa2016-53.html

http://www.securityfocus.com/bid/91075

http://www.securitytracker.com/id/1036057

https://bugzilla.mozilla.org/show_bug.cgi?id=1248580

45

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 2/34 · Minimal

Exposure 13/34 · Low