VYPR
← All advisories
High severity8.8NVD Advisory· Published Jan 31, 2016· Updated May 6, 2026

CVE-2016-1935

CVE-2016-1935

Description

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

Affected products

13
  • Mozilla Corporation/Firefox7 versions
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=43.0.4
    • cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*
  • OpenSUSE/Leap
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • Oracle Corporation/Linux3 versions
    cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
    • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

19

News mentions

0

No linked articles in our index yet.