DEBIAN-CVE-2016-2838

DEBIAN-CVE-2016-2838 PUBLISHED CVSS 8.800000190734863 HIGH

Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.

Risk Scores

CVSS v3.0

8.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	firefox-esr	0, 0, 0
Debian:12	firefox-esr	0, 0, 0
Debian:13	firefox-esr	0, 0, 0
Debian:11	firefox-esr	0, 0, 0

Timeline

Aug 5, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-2838 advisory

Open in Interactive Console →