High severity8.8NVD Advisory· Published Apr 30, 2016· Updated Jun 17, 2026
CVE-2016-2811
CVE-2016-2811
Description
Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the BeginReading method.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=45.0.2
- (no CPE)range: <46.0
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
9- www.mozilla.org/security/announce/2016/mfsa2016-42.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2016-05/msg00005.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-05/msg00038.htmlnvd
- www.securitytracker.com/id/1035692nvd
- www.ubuntu.com/usn/USN-2936-1nvd
- www.ubuntu.com/usn/USN-2936-2nvd
- www.ubuntu.com/usn/USN-2936-3nvd
- bugzilla.mozilla.org/show_bug.cginvd
- security.gentoo.org/glsa/201701-15nvd
News mentions
0No linked articles in our index yet.