Medium severity6.3NVD Advisory· Published Aug 5, 2016· Updated Jun 17, 2026
CVE-2016-2837
CVE-2016-2837
Description
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
33cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=47.0.1
- cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.3.0:*:*:*:*:*:*:*
- (no CPE)range: <48.0
cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- osv-coords24 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/firefox-fontconfig&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%202.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%20Proxy%202.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012
< 128.5.1-1.1+ 23 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
- (no CPE)range: < 2.11.0-4.2
- (no CPE)range: < 45.0-20.38
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-48.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 4.12-25.2
- (no CPE)range: < 3.21.1-26.2
- (no CPE)range: < 45.3.0-9.1
Patches
Vulnerability mechanics
References
12- www.mozilla.org/security/announce/2016/mfsa2016-77.htmlnvdVendor Advisory
- www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlnvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-1551.htmlnvd
- www.debian.org/security/2016/dsa-3640nvd
- www.securityfocus.com/bid/92258nvd
- www.securitytracker.com/id/1036508nvd
- www.ubuntu.com/usn/USN-3044-1nvd
- www.zerodayinitiative.com/advisories/ZDI-16-673nvd
- security.gentoo.org/glsa/201701-15nvd
News mentions
0No linked articles in our index yet.