CVE-2017-5464 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents8 sources
Severity
9.8CRITICALNVD
EPSS
1.4%
top 19.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 14
Description
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages10 packages
Also affects: Debian Linux 8.0, Enterprise Linux 6.0, 7.0, 7.3, 7.4, 7.5
🔴Vulnerability Details
6GHSA▶
GHSA-cr6c-8rp4-gv28: During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory↗2022-05-14
CVEList▶
CVE-2017-5464: During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory↗2018-06-11
OSV▶
CVE-2017-5464: During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory↗2018-06-11
📋Vendor Advisories
4💬Community
1Bugzilla▶
CVE-2017-5464 Mozilla: Memory corruption with accessibility and DOM manipulation (MFSA 2017-11, MFSA 2017-12)↗2017-04-19