CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.048 Low
Percentile: 91.8%

Out-of-bounds read during XML parsing in Expat library.
Favicon network connection can persist when page is closed.
Mozilla developers and community members reported several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
Buffer overflow in ClearKey Content Decryption Module (CDM) during video
playback.
Buffer overflow rendering SVG with bidirectional content.
Information disclosure through Resource Timing API during page
navigation.
Location bar spoofing via data URLs with malformed/invalid mediatypes.
Stack underflow during 2D graphics rendering.
Use-after-free when using alt key and toplevel menus.
Crash in incremental garbage collection in JavaScript.
Use-after-free in DTLS during WebRTC session shutdown.
Use-after-free in service workers with nested sync events.
Form input type change from password to text can store plain text
password in session restore file.
Integer overflow in WebSockets during data buffering.
Scripts on marquee tag can execute in sandboxed iframes.
Type confusion in display transformation.
Use-after-free when applying SVG effects.
Same-origin policy violation using local HTML file and saved shortcut
file.
Information disclosure and local file manipulation through drag and
drop.
Spoofing attack through text injection into internal error pages.
access.redhat.com/security/cve/CVE-2016-0718
access.redhat.com/security/cve/CVE-2016-2830
access.redhat.com/security/cve/CVE-2016-2835
access.redhat.com/security/cve/CVE-2016-2836
access.redhat.com/security/cve/CVE-2016-2837
access.redhat.com/security/cve/CVE-2016-2838
access.redhat.com/security/cve/CVE-2016-5250
access.redhat.com/security/cve/CVE-2016-5251
access.redhat.com/security/cve/CVE-2016-5252
access.redhat.com/security/cve/CVE-2016-5254
access.redhat.com/security/cve/CVE-2016-5255
access.redhat.com/security/cve/CVE-2016-5258
access.redhat.com/security/cve/CVE-2016-5259
access.redhat.com/security/cve/CVE-2016-5260
access.redhat.com/security/cve/CVE-2016-5261
access.redhat.com/security/cve/CVE-2016-5262
access.redhat.com/security/cve/CVE-2016-5263
access.redhat.com/security/cve/CVE-2016-5264
access.redhat.com/security/cve/CVE-2016-5265
access.redhat.com/security/cve/CVE-2016-5266
access.redhat.com/security/cve/CVE-2016-5268
www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48