Mozilla Firefox CVE-2016-2808 Buffer Overflow Vulnerability

description-logoDescription

The CESG, the Information Security Arm of GCHQ, reported that the JavaScript .watch() method could be used to overflow the 32-bit generation count of the underlying HashMap, resulting in a write to an invalid entry. Under the right conditions this write could lead to arbitrary code execution. The overflow takes considerable time and a malicious page would require a user to keep it open for the duration of the attack.

affected-products-logoAffected Applications

Firefox
Firefox ESR

CVE References

CVE-2016-2808