Package details: pkg:rpm/redhat/firefox@45.2.0-1?arch=el7_2
purl pkg:rpm/redhat/firefox@45.2.0-1?arch=el7_2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-4gwx-75uj-tyep
Aliases:
CVE-2016-2828
Mozilla community member jomo reported a use-after-free crash when processing WebGL content. This issue was caused by the use of a texture after its recycle pool has been destroyed during WebGL operations, which frees the memory associated with the texture. This results in a potentially exploitable crash when the texture is later called.
There are no reported fixed by versions.
VCID-bd3j-r1wt-dyf4
Aliases:
CVE-2016-2831
Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are done in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the browser, resulting in a persistent denial of service attack. This can also be used for spoofing and clickjacking attacks against the browser UI.
There are no reported fixed by versions.
VCID-bp6q-cu6s-2ke7
Aliases:
CVE-2016-2818
Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
There are no reported fixed by versions.
VCID-ev18-anej-zbap
Aliases:
CVE-2016-2822
Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site.
There are no reported fixed by versions.
VCID-kvkh-dxw4-rfde
Aliases:
CVE-2016-2819
Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an <svg> node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document.
There are no reported fixed by versions.
VCID-sr99-hhmv-xkhq
Aliases:
CVE-2016-2821
Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model (DOM) table elements created within the editor and results in a potentially exploitable crash.
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:36:26.233391+00:00 RedHat Importer Affected by VCID-4gwx-75uj-tyep https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2828.json 38.0.0
2026-04-01T14:36:26.190216+00:00 RedHat Importer Affected by VCID-ev18-anej-zbap https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2822.json 38.0.0
2026-04-01T14:36:26.147736+00:00 RedHat Importer Affected by VCID-sr99-hhmv-xkhq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2821.json 38.0.0
2026-04-01T14:36:26.105082+00:00 RedHat Importer Affected by VCID-kvkh-dxw4-rfde https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2819.json 38.0.0
2026-04-01T14:36:26.050756+00:00 RedHat Importer Affected by VCID-bp6q-cu6s-2ke7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2818.json 38.0.0
2026-04-01T14:36:25.915646+00:00 RedHat Importer Affected by VCID-bd3j-r1wt-dyf4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2831.json 38.0.0