CVE-2016-2821

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

History

22 Oct 2024, 13:54

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:*:*:*:*

21 Oct 2024, 13:11

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:*:*:*:*

Information

Published : 2016-06-13 10:59

Updated : 2024-10-22 13:54


NVD link : CVE-2016-2821

Mitre link : CVE-2016-2821

CVE.ORG link : CVE-2016-2821


JSON object : View

Products Affected

debian

  • debian_linux

opensuse

  • opensuse
  • leap

mozilla

  • firefox

canonical

  • ubuntu_linux