nvd-json-data-feeds/CVE-2016/CVE-2016-52xx/CVE-2016-5270.json

{
  "id": "CVE-2016-5270",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2016-09-22T22:59:03.677",
  "lastModified": "2018-06-12T01:29:00.737",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n nsCaseTransformTextRunFactory::TransformString en Mozilla Firefox en versiones anteriores a la 49.0, Firefox ESR en versiones 45.x anteriores a la 45.4 y Thunderbird en versiones anteriores a la 45.4 permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (escritura de valores boleanos fuera de l\u00edmites) o, posiblemente, provocar otro impacto no especificado mediante caracteres unicode que se manejan incorrectamente durante la conversi\u00f3n de texto."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "48.0.2",
              "matchCriteriaId": "C56407AD-F303-4E6E-A64E-4AFA23BFB739"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B877383B-F7B3-433F-B7B0-2B1C731504F2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F18C6F4-5C04-4E4B-A2CC-29C5338F0CD1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9B460C-3328-44DC-AA80-EDE2E46AF787"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5D9DC4-4D18-4491-BE90-CAE21CA1AA96"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.debian.org/security/2016/dsa-3674",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html",
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/93049",
      "source": "security@mozilla.org"
    },
    {
      "url": "http://www.securitytracker.com/id/1036852",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1291016",
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ]
    },
    {
      "url": "https://security.gentoo.org/glsa/201701-15",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2016-86/",
      "source": "security@mozilla.org"
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2016-88/",
      "source": "security@mozilla.org"
    }
  ]
}