CVE-2016-5264 Vulnerability

Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. (CVSS:6.8) (Last Update:2016-08-05)

Vulnerability Details : Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. Publish Date : 2016-08-04 Last Update Date : 2016-08-05 - CVSS Scores & Vulnerability Types CVSS Score 6.8 Confidentiality Impact Partial(There is considerable informational disclosure.) Integrity Impact Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.) Availability Impact Partial(There is reduced performance or interruptions in resource availability.) Access Complexity Medium(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit) Authentication Not required(Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Denial Of ServiceExecute CodeMemory corruption CWE ID 416 - Related OVAL Definitions Title Definition Id Class Family RHSA-2016:1551: firefox security update (Critical) oval:com.redhat.rhsa:def:20161551 unix OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability. - Products Affected By CVE-2016-5264 # Product Type Vendor Product Version Update Edition Language 1 Application Mozilla Firefox 47.0.1 Version Details Vulnerabilities 2 Application Mozilla Firefox Esr 45.1.0 Version Details Vulnerabilities 3 Application Mozilla Firefox Esr 45.1.1 Version Details Vulnerabilities 4 Application Mozilla Firefox Esr 45.2.0 Version Details Vulnerabilities 5 Application Mozilla Firefox Esr 45.3.0 Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions Mozilla Firefox 1 Mozilla Firefox Esr 4 - References For CVE-2016-5264 http://www.mozilla.org/security/announce/2016/mfsa2016-79.html CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=1286183 CONFIRM

- Metasploit Modules Related To CVE-2016-5264 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)