CVE-2016-2818
Publication date 8 June 2016
Last updated 24 July 2024
Ubuntu priority
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | 16.04 LTS xenial |
Fixed 47.0+build3-0ubuntu0.16.04.1
|
| 14.04 LTS trusty |
Fixed 47.0+build3-0ubuntu0.14.04.1
|
|
| thunderbird | 16.04 LTS xenial |
Fixed 1:45.2.0+build1-0ubuntu0.16.04.1
|
| 14.04 LTS trusty |
Fixed 1:45.2.0+build1-0ubuntu0.14.04.3
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3023-1
- Thunderbird vulnerabilities
- 18 July 2016
- USN-2993-1
- Firefox vulnerabilities
- 9 June 2016