CVE-2016-5297
UnknownEPSS 3.65%
Last modified
CVE-2016-5297 is a vulnerability of currently unknown severity. An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.. EPSS estimates a 3.65% chance of exploitation in the next 30 days.
Description
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 45.5.0 |
| Mozilla | Firefox | < 50.0 |
| Mozilla | Thunderbird | < 45.5.0 |
| Debian | Debian Linux | 8.0 |
References
- http://rhn.redhat.com/errata/RHSA-2016-2780.htmlThird Party Advisory
- http://www.securityfocus.com/bid/94336Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037298Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1303678Issue Tracking, Vendor Advisory
- https://security.gentoo.org/glsa/201701-15Third Party Advisory
- https://www.debian.org/security/2016/dsa-3730Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-89/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-90/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-93/Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2016-2780.htmlThird Party Advisory
- http://www.securityfocus.com/bid/94336Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037298Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1303678Issue Tracking, Vendor Advisory
- https://security.gentoo.org/glsa/201701-15Third Party Advisory
- https://www.debian.org/security/2016/dsa-3730Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-89/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-90/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-93/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-5297?
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
How severe is CVE-2016-5297?
Severity scoring for CVE-2016-5297 is pending analysis. The EPSS model estimates a 3.65% probability of exploitation in the next 30 days.
How do I fix CVE-2016-5297?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2016-5297?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST