CVE-2017-5387
published 2018-06-11CVE-2017-5387: The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a…
PriorityP47low3.3CVSS 3.0
AVLACLPRLUINSUCNILAN
EPSS
0.40%
32.2th percentile
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 51.0-1 (sid) | firefox 51.0-1 (sid) |
| debian | firefox-esr | < firefox 51.0-1 (sid) | firefox 51.0-1 (sid) |
| mozilla | firefox | < 51.0 | 51.0 |
| mozilla | firefox | >= 0 < 51.0.1+build2-0ubuntu0.14.04.1 | 51.0.1+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 51.0.1+build2-0ubuntu0.14.04.2 | 51.0.1+build2-0ubuntu0.14.04.2 |
| mozilla | firefox | >= 0 < 51.0.1+build2-0ubuntu0.16.04.1 | 51.0.1+build2-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 51.0.1+build2-0ubuntu0.16.04.2 | 51.0.1+build2-0ubuntu0.16.04.2 |
| mozilla | firefox | >= unspecified < 51 | 51 |
CVSS provenance
nvdv3.03.3LOWCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:P/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian3.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox regression
vendor_ubuntu·2017-02-06·CVSS 9.8
[CRITICAL] Firefox regression
Title: Firefox regression
Summary: USN-3175-1 introduced a regression in Firefox.
USN-3175-1 fixed vulnerabilities in Firefox. The update caused a
regression on systems where the AppArmor profile for Firefox is set to
enforce mode. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple memory safety issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2017-01-27·CVSS 9.8
CVE-2017-5373 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple memory safety issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5375)
Nicolas Grégoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circ
Debian
CVE-2017-5387: firefox - The existence of a specifically requested local file can be found due to the dou...
vendor_debian·2017·CVSS 3.3
CVE-2017-5387 [LOW] CVE-2017-5387: firefox - The existence of a specifically requested local file can be found due to the dou...
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
Scope: local
sid: resolved (fixed in 51.0-1)
GHSA
GHSA-fgxx-ch38-43gw: The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag re
ghsa_unreviewed·2022-05-14
CVE-2017-5387 [LOW] CWE-538 GHSA-fgxx-ch38-43gw: The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag re
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
OSV
firefox regression
osv·2017-02-06·CVSS 9.8
[CRITICAL] firefox regression
firefox regression
USN-3175-1 fixed vulnerabilities in Firefox. The update caused a
regression on systems where the AppArmor profile for Firefox is set to
enforce mode. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple memory safety issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute
OSV
firefox vulnerabilities
osv·2017-01-27·CVSS 9.8
CVE-2017-5373 [CRITICAL] firefox vulnerabilities
firefox vulnerabilities
Multiple memory safety issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2017-5375)
Nicolas Grégoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially explo
OSV
CVE-2017-5387: The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag re
osv·2017-01-25·CVSS 3.3
CVE-2017-5387 [LOW] CVE-2017-5387: The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag re
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/95763http://www.securitytracker.com/id/1037693https://bugzilla.mozilla.org/show_bug.cgi?id=1295023https://www.mozilla.org/security/advisories/mfsa2017-01/http://www.securityfocus.com/bid/95763http://www.securitytracker.com/id/1037693https://bugzilla.mozilla.org/show_bug.cgi?id=1295023https://www.mozilla.org/security/advisories/mfsa2017-01/
2018-06-11
Published