CVE-2017-5398Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents8 sources
Severity
9.8CRITICALNVD
EPSS
3.3%
top 12.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+7 more
Timeline
PublishedJun 11
Latest updateMay 14

Description

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages11 packages

CVEListV5mozilla/thunderbirdunspecified52+1
Ubuntumozilla/thunderbird< 1:45.8.0+build1-0ubuntu0.14.04.1+1
CVEListV5mozilla/firefoxunspecified52

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.5

🔴Vulnerability Details

6
GHSA
GHSA-x79g-jhh9-8x2f: Memory safety bugs were reported in Thunderbird 452022-05-14
CVEList
CVE-2017-5398: Memory safety bugs were reported in Thunderbird 452018-06-11
OSV
CVE-2017-5398: Memory safety bugs were reported in Thunderbird 452018-06-11
OSV
firefox regression2017-03-30
OSV
thunderbird vulnerabilities2017-03-24

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2017-03-24
Ubuntu
Firefox vulnerabilities2017-03-07
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)2017-03-07
Debian
CVE-2017-5398: firefox - Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed ...2017

💬Community

1
Bugzilla
CVE-2017-5398 Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)2017-03-07
CVE-2017-5398 — Mozilla Firefox vulnerability | cvebase