The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, allows a hacker to trigger a service failure or execute arbitrary code.

🗓️ 31 Mar 2016 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

Loss of precision in nsHtml5TreeBuilder in Thunderbird and Firefox can trigger code execution or service failure via incorrect closing tags.

Reporter	Title	Published	Views	Family All 151
0day.today	Mozilla Firefox < 45.0 - nsHtml5TreeBuilder Use-After-Free (EMET 5.52 Bypass) Exploit	18 Aug 201700:00	–	zdt
0day.today	Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution Exploit	17 Mar 201800:00	–	zdt
FreeBSD	mozilla -- multiple vulnerabilities	8 Mar 201600:00	–	freebsd
Tenable Nessus	Firefox < 45 Multiple Vulnerabilities	7 Sep 201600:00	–	nessus
Tenable Nessus	Mozilla Firefox < 45.0 Multiple Vulnerabilities	8 Apr 201600:00	–	nessus
Tenable Nessus	CentOS 5 / 6 / 7 : firefox (CESA-2016:0373)	9 Mar 201600:00	–	nessus
Tenable Nessus	CentOS 5 / 6 / 7 : thunderbird (CESA-2016:0460)	17 Mar 201600:00	–	nessus
Tenable Nessus	Debian DSA-3510-1 : iceweasel - security update	10 Mar 201600:00	–	nessus
Tenable Nessus	Debian DSA-3520-1 : icedove - security update	21 Mar 201600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2016-1002)	1 May 201700:00	–	nessus

Vulners

Node

mozilla firefoxRange<45

OR

mozilla thunderbirdRange<38.7

OR

mozilla firefox_esrRange<38.7

Source	Link
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-16-198/
mozilla	www.mozilla.org/security/announce/2016/mfsa2016-23.html
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

CVSS 26.8

EPSS0.86455

Thunderbird vulnerability Firefox browser issue nsHtml5TreeBuilder closing tags exploit arbitrary code execution service failure loss of precision