Описание
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| iceweasel | removed | package | ||
| iceweasel | not-affected | jessie | package | |
| iceweasel | not-affected | wheezy | package | |
| firefox-esr | fixed | 45.0esr-1 | package | |
| firefox | fixed | 45.0-1 | package | |
| brotli | fixed | 0.3.0+dfsg-3 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
EPSS
Связанные уязвимости
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression.
Уязвимость браузера Firefox, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
EPSS