VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-5hjp-yuf4-dqd6

Vulnerability ID	VCID-5hjp-yuf4-dqd6
Aliases	CVE-2016-2808
Summary	The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch() method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
epss	0.00681	https://api.first.org/data/v1/epss?cve=CVE-2016-2808
cvssv2	5.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2016-47

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2808.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-2808
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1330286		https://bugzilla.redhat.com/show_bug.cgi?id=1330286
CVE-2016-2808		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808
mfsa2016-47		https://www.mozilla.org/en-US/security/advisories/mfsa2016-47
RHSA-2016:0695		https://access.redhat.com/errata/RHSA-2016:0695
USN-2936-1		https://usn.ubuntu.com/2936-1/

No exploits are available.

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:10:16.050287+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2016/mfsa2016-47.md	37.0.0