CVE-2016-5297
Publication date 16 November 2016
Last updated 25 August 2025
Ubuntu priority
Description
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | ||
| 16.04 LTS xenial |
Fixed 50.0+build2-0ubuntu0.16.04.2
|
|
| 14.04 LTS trusty |
Fixed 50.0+build2-0ubuntu0.14.04.2
|
|
| thunderbird | ||
| 16.04 LTS xenial |
Fixed 1:45.5.1+build1-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 1:45.5.1+build1-0ubuntu0.14.04.1
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3141-1
- Thunderbird vulnerabilities
- 1 December 2016
- USN-3124-1
- Firefox vulnerabilities
- 19 November 2016