High severity8.8NVD Advisory· Published Sep 22, 2016· Updated May 6, 2026
CVE-2016-5278
CVE-2016-5278
Description
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.mozilla.org/security/announce/2016/mfsa2016-85.htmlnvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- rhn.redhat.com/errata/RHSA-2016-1912.htmlnvd
- www.debian.org/security/2016/dsa-3674nvd
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlnvd
- www.securityfocus.com/bid/93049nvd
- www.securitytracker.com/id/1036852nvd
- security.gentoo.org/glsa/201701-15nvd
- www.mozilla.org/security/advisories/mfsa2016-86/nvd
- www.mozilla.org/security/advisories/mfsa2016-88/nvd
News mentions
0No linked articles in our index yet.