CVE-2017-5418 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read8 documents5 sources

Severity

5.3MEDIUMNVD

OSV9.8

EPSS

0.5%

top 33.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 14

Description

An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶debiandebian/firefox< firefox 52.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 52

▶NVDmozilla/firefox< 52.0

▶CVEListV5mozilla/thunderbirdunspecified — 52

▶NVDmozilla/thunderbird< 52.0

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-96c7-2g3r-8573: An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of rand↗2022-05-14

▶

OSV

firefox regression↗2017-03-30

▶

OSV

firefox vulnerabilities↗2017-03-07

▶

OSV

CVE-2017-5418: An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of rand↗2017-03-07

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2017-03-30

▶

Ubuntu

Firefox vulnerabilities↗2017-03-07

▶

Debian

CVE-2017-5418: firefox - An out of bounds read error occurs when parsing some HTTP digest authorization r...↗2017

▶