Описание
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 56.0+build6-0ubuntu1 |
| bionic | released | 56.0+build6-0ubuntu1 |
| cosmic | released | 56.0+build6-0ubuntu1 |
| devel | released | 56.0+build6-0ubuntu1 |
| disco | released | 56.0+build6-0ubuntu1 |
| eoan | released | 56.0+build6-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [56.0+build6-0ubuntu0.14.04.1]] |
| esm-infra/focal | DNE | |
| focal | released | 56.0+build6-0ubuntu1 |
| groovy | released | 56.0+build6-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| bionic | not-affected | |
| cosmic | not-affected | |
| devel | DNE | |
| disco | not-affected | |
| eoan | not-affected | |
| esm-apps/focal | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | |
| focal | not-affected |
Показывать по
EPSS
6.4 Medium
CVSS2
8.2 High
CVSS3
Связанные уязвимости
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.
Inside the JavaScript parser, a cast of an integer to a narrower type ...
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.
Уязвимость синтаксического анализатора JavaScript браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
EPSS
6.4 Medium
CVSS2
8.2 High
CVSS3