Описание
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Will not fix | ||
| Red Hat Enterprise Linux 5 | thunderbird | Will not fix | ||
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2017:1104 | 20.04.2017 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2017:1201 | 08.05.2017 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2017:1106 | 21.04.2017 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2017:1201 | 08.05.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
An out-of-bounds read when an HTTP/2 connection to a servers sends "DA ...
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Уязвимость реализации технологии HTTP/2 браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
9.8 Critical
CVSS3