Bug 983653 (CVE-2016-2821)

Summary: VUL-0: CVE-2016-2821: MozillaFirefox: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: wolfgang
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVSSv2:SUSE:CVE-2016-2821:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-2821:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-2821:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) maint:running:62846:low maint:released:oes11-sp2:62857 CVSSv3:NVD:CVE-2016-2821:7.5:(AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 983549

Description Marcus Meissner 2016-06-08 06:41:20 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/


Mozilla Foundation Security Advisory 2016-51
Use-after-free deleting tables from a contenteditable document

Announced
    June 7, 2016
Reporter
    firehack
Impact
    High
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 47
        Firefox ESR 45.2

Description

Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model (DOM) table elements created within the editor and results in a potentially exploitable crash.
References

    Heap-use-after-free mozilla::dom::Element (CVE-2016-2821)
Comment 1 Bernhard Wiedemann 2016-06-08 18:00:47 UTC
This is an autogenerated message for OBS integration:
This bug (983653) was mentioned in
https://build.opensuse.org/request/show/400713 Factory / MozillaFirefox
https://build.opensuse.org/request/show/400714 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/400716 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/400718 13.1 / MozillaFirefox
Comment 2 Swamp Workflow Management 2016-06-08 22:01:45 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2016-06-11 12:14:04 UTC
openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1
openSUSE 13.2 (src):    MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1
Comment 4 Swamp Workflow Management 2016-06-11 20:09:54 UTC
openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1
Comment 5 Bernhard Wiedemann 2016-06-15 22:00:48 UTC
This is an autogenerated message for OBS integration:
This bug (983653) was mentioned in
https://build.opensuse.org/request/show/402575 42.2 / MozillaFirefox
Comment 6 Bernhard Wiedemann 2016-06-16 16:01:00 UTC
This is an autogenerated message for OBS integration:
This bug (983653) was mentioned in
https://build.opensuse.org/request/show/402737 42.2 / MozillaFirefox
Comment 8 Swamp Workflow Management 2016-06-27 18:10:03 UTC
SUSE-SU-2016:1691-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 982366,983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,984126,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
Comment 9 Swamp Workflow Management 2016-07-14 13:09:21 UTC
SUSE-SU-2016:1799-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE OpenStack Cloud 5 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager Proxy 2.1 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager 2.1 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
Comment 10 Swamp Workflow Management 2016-08-12 19:11:31 UTC
SUSE-SU-2016:2061-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659,989196,990628,990856,991809
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2830,CVE-2016-2831,CVE-2016-2834,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5252,CVE-2016-5254,CVE-2016-5258,CVE-2016-5259,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-6354
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    MozillaFirefox-45.3.0esr-48.1, MozillaFirefox-branding-SLED-45.0-20.38, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    MozillaFirefox-45.3.0esr-48.1, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
Comment 11 Marcus Meissner 2016-08-17 05:51:41 UTC
released