CVE-2016-2821

HIGH Year: 2016
CVSS v3 Score
7.5
High
CVSS v2 Score
6.8
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.

Related Vulnerabilities

CVE-1999-0236

HIGH
CVSS:7.5(High)

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

NVD-CWE-Other1999

CVE-2003-1604

HIGH
CVSS:7.5(High)

The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending p...

NVD-CWE-Other2003

CVE-2007-3816

HIGH
CVSS:7.5(High)

JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third part...

NVD-CWE-Other2007

CVE-2010-3035

HIGH
CVSS:7.5(High)

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a cra...

NVD-CWE-Other2010

CVE-2011-2699

HIGH
CVSS:7.5(High)

The IPv6 implementation in the Linux kernel before 3.1 does not generate Fragment Identification values separately for each destination, which makes it easier for remote attackers to cause a denial of...

NVD-CWE-Other2011

CVE-2011-4115

HIGH
CVSS:7.5(High)

Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.

NVD-CWE-Other2011