Rapid7 Vulnerability & Exploit Database

MFSA2016-37 Thunderbird: Font vulnerabilities in the Graphite 2 library (CVE-2016-2790)

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

MFSA2016-37 Thunderbird: Font vulnerabilities in the Graphite 2 library (CVE-2016-2790)

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

03/13/2016

Created

07/25/2018

Added

03/16/2016

Modified

10/30/2017

Description

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.

Solution(s)

mozilla-thunderbird-upgrade-38_7
mozilla-thunderbird-upgrade-45_0

References

https://attackerkb.com/topics/cve-2016-2790
84222
CVE - 2016-2790
DSA-3510
DSA-3515
DSA-3520
http://www.mozilla.org/security/announce/2016/mfsa2016-37.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

MFSA2016-37 Thunderbird: Font vulnerabilities in the Graphite 2 library (CVE-2016-2790)

MFSA2016-37 Thunderbird: Font vulnerabilities in the Graphite 2 library (CVE-2016-2790)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Success! Thank you for submission. We will be in touch shortly.

Submit your information and we will get in touch with you.