VDB
DEBIAN-CVE-2016-2837
DEBIAN-CVE-2016-2837
PUBLISHED
CVSS 6.300000190734863 MEDIUM
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
Risk Scores
CVSS v3.0
6.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | firefox-esr | 0, 0, 0 |
| Debian:13 | firefox-esr | 0, 0, 0 |
| Debian:11 | firefox-esr | 0, 0, 0 |
| Debian:14 | firefox-esr | 0, 0, 0 |
Timeline
- Aug 5, 2016 CVE Published
- Apr 28, 2026 CVE Updated