CVE-2016-5276 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A use-after-free vulnerability has been discovered in the mozilla::a11y::DocAccessible::ProcessInvalidationList function triggered by setting a aria-owns attribute.
Group Package Affected Fixed Severity Status Ticket
AVG-24 firefox 48.0.2-1 49.0-1 Critical Fixed
Date Advisory Group Package Severity Type
22 Sep 2016 ASA-201609-22 AVG-24 firefox Critical multiple issues
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1287721