Arbitrary Code Execution via SVG Document in Mozilla Firefox

CVE-2016-2838 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.