Mozilla Firefox 46.0.1 Denial Of Service Overflow Vulnerability
9 Aug. 2016
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
* Mozilla Firefox 46.0.1
* Mozilla Firefox Esr 45.1.0
* Mozilla Firefox Esr 45.1.1
* Novell Leap 42.1
* Novell Opensuse 13.1
* Novell Opensuse 13.2
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof URLs.
A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow, use-after-free memory error, or memory corruption error and execute arbitrary code on the target user's system [CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2828].
A remote user can trigger an out-of-bounds write error via the ANGLE graphics library [CVE-2016-2824]. Windows-based systems are affected.