983651 – (CVE-2016-2824) VUL-0: CVE-2016-2824: MozillaFirefox: Out-of-bounds write with WebGL shader (MFSA 2016-53)

Bug 983651 (CVE-2016-2824) - VUL-0: CVE-2016-2824: MozillaFirefox: Out-of-bounds write with WebGL shader (MFSA 2016-53)

Summary: VUL-0: CVE-2016-2824: MozillaFirefox: Out-of-bounds write with WebGL shader (...

Status:	RESOLVED FIXED

Alias:	CVE-2016-2824

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Petr Cerny
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:62846:low maint:release...
Keywords:

Depends on:
Blocks:	983549
	Show dependency tree / graph

Clone This Bug

Reported:	2016-06-08 06:37 UTC by Marcus Meissner
Modified:	2020-04-05 18:22 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-06-08 06:37:40 UTC

https://www.mozilla.org/en-US/security/advisories/mfsa2016-53/


Mozilla Foundation Security Advisory 2016-53
Out-of-bounds write with WebGL shader

Announced
    June 7, 2016
Reporter
    Aral
Impact
    High
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 47
        Firefox ESR 45.2

Description

Security researcher Aral reported an out-of-bounds write when using the ANGLE graphics library, which is used for WebGL content on Windows systems. This crash occurs due to improper size checking while writing to an array during some WebGL shader operations.

The ANGLE graphics library is only used on Windows. Linux, OS X, and Android operating systems are not affected by this vulnerability.
References

    Crash in TSymbolTableLevel::~TSymbolTableLevel (CVE-2016-2824)

Comment 1 Bernhard Wiedemann 2016-06-08 18:00:37 UTC

This is an autogenerated message for OBS integration:
This bug (983651) was mentioned in
https://build.opensuse.org/request/show/400713 Factory / MozillaFirefox
https://build.opensuse.org/request/show/400714 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/400716 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/400718 13.1 / MozillaFirefox

Comment 2 Swamp Workflow Management 2016-06-08 22:01:29 UTC

bugbot adjusting priority

Comment 3 Swamp Workflow Management 2016-06-11 12:13:44 UTC

openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1
openSUSE 13.2 (src):    MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1

Comment 4 Swamp Workflow Management 2016-06-11 20:09:36 UTC

openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1

Comment 6 Swamp Workflow Management 2016-06-27 18:09:44 UTC

SUSE-SU-2016:1691-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 982366,983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,984126,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2

Comment 7 Swamp Workflow Management 2016-07-14 13:09:04 UTC

SUSE-SU-2016:1799-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE OpenStack Cloud 5 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager Proxy 2.1 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager 2.1 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1

Comment 8 Swamp Workflow Management 2016-08-12 19:11:13 UTC

SUSE-SU-2016:2061-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659,989196,990628,990856,991809
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2830,CVE-2016-2831,CVE-2016-2834,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5252,CVE-2016-5254,CVE-2016-5258,CVE-2016-5259,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-6354
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    MozillaFirefox-45.3.0esr-48.1, MozillaFirefox-branding-SLED-45.0-20.38, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    MozillaFirefox-45.3.0esr-48.1, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2

Comment 9 Marcus Meissner 2016-08-17 05:51:17 UTC

released