Bug 1377666 (CVE-2016-5256)

Summary: CVE-2016-5256 Mozilla: Memory safety bugs fixed in Firefox 49 (MFSA 2016-85)
Product: [Other] Security Response Reporter: Siddharth Sharma <sisharma>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: cschalle, jhorak, security-response-team, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-04 02:49:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1369653    

Description Siddharth Sharma 2016-09-20 10:36:27 UTC 
Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs present in Firefox 48. Some of these bugs showed evidence of memory corruption under certain circumstances could potentially exploited to run arbitrary code.

External Reference:

https://www.mozilla.org/security/announce/2016/mfsa2016-85.html
Comment 1 Siddharth Sharma 2016-09-20 10:36:36 UTC 
Acknowledgments:

Name: the Mozilla project
Upstream: Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, Michael Smith