CVE-2017-5429Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources
Severity
9.8CRITICALNVD
EPSS
1.4%
top 19.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+6 more
Timeline
PublishedJun 11
Latest updateMay 14

Description

Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages12 packages

debiandebian/firefox< firefox 52.0.1-1 (sid)
CVEListV5mozilla/firefoxunspecified53
NVDmozilla/firefox< 45.9.0+2
debiandebian/firefox-esr< firefox 52.0.1-1 (sid)
CVEListV5mozilla/firefox_esrunspecified45.9+1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

5
GHSA
GHSA-jc2r-xxf8-56xv: Memory safety bugs were reported in Firefox 52, Firefox ESR 452022-05-14
OSV
CVE-2017-5429: Memory safety bugs were reported in Firefox 52, Firefox ESR 452018-06-11
OSV
thunderbird vulnerabilities2017-05-16
OSV
firefox regression2017-05-11
OSV
firefox vulnerabilities2017-04-21

📋Vendor Advisories

5
Ubuntu
Thunderbird vulnerabilities2017-05-16
Ubuntu
Firefox regression2017-05-11
Ubuntu
Firefox vulnerabilities2017-04-21
Red Hat
Mozilla: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 (MFSA 2017-11, MFSA 2017-12)2017-04-19
Debian
CVE-2017-5429: firefox - Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52...2017

💬Community

1
Bugzilla
CVE-2017-5429 Mozilla: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 (MFSA 2017-11, MFSA 2017-12)2017-04-19