Oval Definition:	oval:org.cisecurity:def:1098
Revision Date: 2016-09-23 Version: 12 Title: Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 - CVE-2016-2814 Description: Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2016-2814 Platform(s): Microsoft Windows 10 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP Product(s): Mozilla Firefox Mozilla Firefox ESR Definition Synopsis Mozilla Firefox + vulnerable version Mozilla Firefox is installed AND vulnerable version Check if Firefox version is less than 46.0 OR Mozilla Firefox ESR + vulnerable version Mozilla Firefox ESR is installed AND vulnerable version Firefox ESR 45 Check if Firefox ESR version is less than 45.1 AND Check if Firefox ESR version is greater than or equal to 45.0 OR Firefox ESR 38 Check if Firefox ESR version is less than 38.8 AND Check if Firefox ESR version is greater than or equal to 38.0
BACK