Bug 983653 – VUL-0: CVE-2016-2821: MozillaFirefox: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)

Bug 983653 - (CVE-2016-2821) VUL-0: CVE-2016-2821: MozillaFirefox: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51)

(CVE-2016-2821)
Summary:	VUL-0: CVE-2016-2821: MozillaFirefox: Use-after-free deleting tables from a c...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Petr Cerny
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2016-2821:6.8:(AV:N/A...
Keywords:

Depends on:
Blocks:	983549
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-06-08 06:41 UTC by Marcus Meissner
Modified:	2020-04-05 18:22 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-06-08 06:41:20 UTC

https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/


Mozilla Foundation Security Advisory 2016-51
Use-after-free deleting tables from a contenteditable document

Announced
    June 7, 2016
Reporter
    firehack
Impact
    High
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 47
        Firefox ESR 45.2

Description

Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model (DOM) table elements created within the editor and results in a potentially exploitable crash.
References

    Heap-use-after-free mozilla::dom::Element (CVE-2016-2821)

Comment 1 Bernhard Wiedemann 2016-06-08 18:00:47 UTC

This is an autogenerated message for OBS integration:
This bug (983653) was mentioned in
https://build.opensuse.org/request/show/400713 Factory / MozillaFirefox
https://build.opensuse.org/request/show/400714 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/400716 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/400718 13.1 / MozillaFirefox

Comment 2 Swamp Workflow Management 2016-06-08 22:01:45 UTC

bugbot adjusting priority

Comment 3 Swamp Workflow Management 2016-06-11 12:14:04 UTC

openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1
openSUSE 13.2 (src):    MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1

Comment 4 Swamp Workflow Management 2016-06-11 20:09:54 UTC

openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1

Comment 5 Bernhard Wiedemann 2016-06-15 22:00:48 UTC

This is an autogenerated message for OBS integration:
This bug (983653) was mentioned in
https://build.opensuse.org/request/show/402575 42.2 / MozillaFirefox

Comment 6 Bernhard Wiedemann 2016-06-16 16:01:00 UTC

This is an autogenerated message for OBS integration:
This bug (983653) was mentioned in
https://build.opensuse.org/request/show/402737 42.2 / MozillaFirefox

Comment 8 Swamp Workflow Management 2016-06-27 18:10:03 UTC

SUSE-SU-2016:1691-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 982366,983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,984126,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2

Comment 9 Swamp Workflow Management 2016-07-14 13:09:21 UTC

SUSE-SU-2016:1799-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE OpenStack Cloud 5 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager Proxy 2.1 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager 2.1 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1

Comment 10 Swamp Workflow Management 2016-08-12 19:11:31 UTC

SUSE-SU-2016:2061-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659,989196,990628,990856,991809
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2830,CVE-2016-2831,CVE-2016-2834,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5252,CVE-2016-5254,CVE-2016-5258,CVE-2016-5259,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-6354
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    MozillaFirefox-45.3.0esr-48.1, MozillaFirefox-branding-SLED-45.0-20.38, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    MozillaFirefox-45.3.0esr-48.1, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2

Comment 11 Marcus Meissner 2016-08-17 05:51:41 UTC

released