Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-5448

Опубликовано: 19 апр. 2017
Источник: redhat
CVSS3: 8.6
EPSS Низкий

Описание

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxWill not fix
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxFixedRHSA-2017:110420.04.2017
Red Hat Enterprise Linux 7firefoxFixedRHSA-2017:110621.04.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=1443310Mozilla: Out-of-bounds write in ClearKeyDecryptor (MFSA 2017-11, MFSA 2017-12)

EPSS

Процентиль: 85%
0.02497
Низкий

8.6 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-5448

CVSS3: 8.6
ubuntu
около 7 лет назад

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

nvd логотип

CVE-2017-5448

CVSS3: 8.6
nvd
около 7 лет назад

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

debian логотип

CVE-2017-5448

CVSS3: 8.6
debian
около 7 лет назад

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Cl ...

github логотип

GHSA-v22c-c5cc-5mv4

CVSS3: 8.6
github
около 3 лет назад

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

suse-cvrf логотип

openSUSE-SU-2017:1099-1

suse-cvrf
больше 8 лет назад

Security update for Mozilla Firefox

EPSS

Процентиль: 85%
0.02497
Низкий

8.6 High

CVSS3