| 0 |
| url |
VCID-7yr6-9vzv-g3h3 |
| vulnerability_id |
VCID-7yr6-9vzv-g3h3 |
| summary |
An anonymous security researcher working with Trend Micro's Zero Day Initiative
reported a buffer overflow in the ClearKey Content Decryption Module (CDM) used by the
Encrypted Media Extensions (EME) API. This vulnerability can be triggered using a
malformed video file due to incorrect error handling. This could allow arbitrary code
execution if combined with a second vulnerability that allows an escape from the Gecko
Media Plugin (GMP) sandbox. Without such a vulnerability, the buffer overflow is contained
within the GMP sandbox and cannot be exploited. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2837
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7yr6-9vzv-g3h3 |
|
| 1 |
| url |
VCID-dhm8-3yaq-hfd7 |
| vulnerability_id |
VCID-dhm8-3yaq-hfd7 |
| summary |
Security researcher Abdulrahman Alqabandi reported that when a local
HTML file resides in the same directory as a malicious local shortcut file, the shortcut
can be called by the local page to allow the page to read the contents of local files or
directories or to load an arbitrary website in violation of same-origin policy, allowing
for data theft. In order for this vulnerability to be triggered, both the malicious HTML
file as well as the shortcut must be saved to the same local directory and then loaded
from there by a user. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5265
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dhm8-3yaq-hfd7 |
|
| 2 |
| url |
VCID-eefa-gdnq-8kb7 |
| vulnerability_id |
VCID-eefa-gdnq-8kb7 |
| summary |
Mozilla developers and community members reported several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed
evidence of memory corruption under certain circumstances, and we presume that with enough
effort at least some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2836
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eefa-gdnq-8kb7 |
|
| 3 |
| url |
VCID-ewwn-e3cz-2fdh |
| vulnerability_id |
VCID-ewwn-e3cz-2fdh |
| summary |
Security researcher Nikita Arykov reported that JavaScript event
handler attributes on a <marquee> tag will execute inside a sandboxed
iframe that does not have the allow-scripts flag set. This could result in a cross-site
scripting (XSS) vulnerability in a site that depends on the iframe sandbox for
sanitization and does no other content filtering. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5262
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ewwn-e3cz-2fdh |
|
| 4 |
| url |
VCID-gq8z-hdmh-vqba |
| vulnerability_id |
VCID-gq8z-hdmh-vqba |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team reported a use-after-free vulnerability when the Alt key
is used in conjunction with top-level menu items in Firefox. This results in a potentially
exploitable crash when triggered. This vulnerability is mitigated by not being triggerable
by web content, only direct user interaction with the keyboard. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5254
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gq8z-hdmh-vqba |
|
| 5 |
| url |
VCID-pksn-mgxr-hyfe |
| vulnerability_id |
VCID-pksn-mgxr-hyfe |
| summary |
Using the Address Sanitizer tool, security researcher Atte Kettunen
found a buffer overflow during the rendering of SVG format graphics with directional
content. This is caused by a flaw in directional-isolate processing and results in a
potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2838
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pksn-mgxr-hyfe |
|
| 6 |
| url |
VCID-rf28-tvhm-akgj |
| vulnerability_id |
VCID-rf28-tvhm-akgj |
| summary |
Security researcher Looben Yang reported a use-after-free
vulnerability in WebRTC. This occurs during WebRTC session shutdown when DTLS objects in
memory are freed while still actively in use. This results in a potentially exploitable
crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5258
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rf28-tvhm-akgj |
|
| 7 |
| url |
VCID-rgr8-wktt-zqac |
| vulnerability_id |
VCID-rgr8-wktt-zqac |
| summary |
Georg Koppen of the Tor Project used the Address Sanitizer tool to
discover a stack buffer underflow when calculating clipping regions in 2D graphics. This
results in a potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5252
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rgr8-wktt-zqac |
|
| 8 |
| url |
VCID-rxw6-exsx-jqcr |
| vulnerability_id |
VCID-rxw6-exsx-jqcr |
| summary |
Security researcher Looben Yang discovered a use-after-free
vulnerability when working with nested sync event loops in Service Workers. He discovered
a mechanism where scripts can close their own worker, which will then trigger a
synchronization XMLHttpRequest on this now closed and released worker. This results in a
potentially exploitable crash when triggered. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5259
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rxw6-exsx-jqcr |
|
| 9 |
| url |
VCID-sw5f-jx18-3fg7 |
| vulnerability_id |
VCID-sw5f-jx18-3fg7 |
| summary |
Security researcher Nils used the Address Sanitizer tool to discover a
use-after-free vulnerability when applying effects to SVG elements. This results in a
potentially exploitable crash. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5264
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sw5f-jx18-3fg7 |
|
| 10 |
| url |
VCID-wcam-fcv5-j7h4 |
| vulnerability_id |
VCID-wcam-fcv5-j7h4 |
| summary |
Security researcher Toni Huttunen reported that once the favicon is
requested from a site, the remote server can keep the favicon network connection open even
when the page is later closed. This allows a malicious site to continue to use this
channel to send requests to the browser, leading to potential information disclosure, such as tracking the user across multiple IP addresses as the user changes networks. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2830
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wcam-fcv5-j7h4 |
|
| 11 |
| url |
VCID-wex6-qb1v-c3ay |
| vulnerability_id |
VCID-wex6-qb1v-c3ay |
| summary |
Using the Address Sanitizer tool, security researcher Nils reported a
type confusion flaw in display transformation during rendering due to incorrect bounds
checking. This leads to a potentially exploitable crash and can be triggered by web
content. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-5263
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wex6-qb1v-c3ay |
|
| 12 |
| url |
VCID-y45n-gp2d-vqh5 |
| vulnerability_id |
VCID-y45n-gp2d-vqh5 |
| summary |
Security researcher Bert Massop reported a crash in the Cairo graphics
layer on Linux systems using the LibAV library included in version 0.10 of the FFmpeg
library. This was due to an error when allocating the LibAV header when decoding some
videos.
This only affects systems running the Linux operating system that also
have FFmpeg version 0.10 installed and does not affect OS X or Windows systems. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-2839
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y45n-gp2d-vqh5 |
|