Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-5428

Опубликовано: 17 мар. 2017
Источник: redhat
CVSS3: 9.8
EPSS Низкий

Описание

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxFixedRHSA-2017:055817.03.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
https://bugzilla.redhat.com/show_bug.cgi?id=1433202Mozilla: integer overflow in createImageBitmap() (MFSA 2017-08)

EPSS

Процентиль: 59%
0.00391
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-5428

CVSS3: 9.8
ubuntu
больше 7 лет назад

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

nvd логотип

CVE-2017-5428

CVSS3: 9.8
nvd
больше 7 лет назад

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

debian логотип

CVE-2017-5428

CVSS3: 9.8
debian
больше 7 лет назад

An integer overflow in "createImageBitmap()" was reported through the ...

suse-cvrf логотип

openSUSE-SU-2017:0765-1

suse-cvrf
больше 8 лет назад

Security update for Mozilla Firefox

github логотип

GHSA-3c9m-5j33-vjf4

CVSS3: 9.8
github
больше 3 лет назад

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

EPSS

Процентиль: 59%
0.00391
Низкий

9.8 Critical

CVSS3