CVE-2016-2824
high
CVSS v3
8.8
CVSS v2
6.8
VIR risk
8.8
Description
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-2824
Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2016/mfsa2016-53.html
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-2824.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | sid | fixed | 0 |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | trixie | fixed | 0 |
| suse | 42.1 | affected | |
| suse | 13.1 | affected | |
| suse | 13.2 | affected | |
References
- https://www.suse.com/security/cve/CVE-2016-2824.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
- http://www.mozilla.org/security/announce/2016/mfsa2016-53.html
- http://www.securityfocus.com/bid/91075
- http://www.securitytracker.com/id/1036057
- https://bugzilla.mozilla.org/show_bug.cgi?id=1248580
- https://security-tracker.debian.org/tracker/CVE-2016-2824
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.