Critical severity9.8NVD Advisory· Published Sep 22, 2016· Updated May 6, 2026
CVE-2016-5270
CVE-2016-5270
Description
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.mozilla.org/security/announce/2016/mfsa2016-85.htmlnvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- rhn.redhat.com/errata/RHSA-2016-1912.htmlnvd
- www.debian.org/security/2016/dsa-3674nvd
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlnvd
- www.securityfocus.com/bid/93049nvd
- www.securitytracker.com/id/1036852nvd
- security.gentoo.org/glsa/201701-15nvd
- www.mozilla.org/security/advisories/mfsa2016-86/nvd
- www.mozilla.org/security/advisories/mfsa2016-88/nvd
News mentions
0No linked articles in our index yet.