High severity8.8NVD Advisory· Published Jun 13, 2016· Updated May 6, 2026
CVE-2016-2828
CVE-2016-2828
Description
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
Affected products
11cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=46.0.1
- cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- www.mozilla.org/security/announce/2016/mfsa2016-56.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.htmlnvd
- www.debian.org/security/2016/dsa-3600nvd
- www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvd
- www.securityfocus.com/bid/91075nvd
- www.securitytracker.com/id/1036057nvd
- www.ubuntu.com/usn/USN-2993-1nvd
- access.redhat.com/errata/RHSA-2016:1217nvd
- bugzilla.mozilla.org/show_bug.cginvd
News mentions
0No linked articles in our index yet.