CVE-2017-5469Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
9.8CRITICALNVD
EPSS
4.1%
top 11.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+7 more
Timeline
PublishedJun 11
Latest updateMay 14

Description

Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified53
NVDmozilla/firefox< 45.9.0+2
CVEListV5mozilla/firefox_esrunspecified45.9+1
CVEListV5mozilla/thunderbirdunspecified52.1
NVDmozilla/thunderbird< 52.1.0

Also affects: Debian Linux 8.0, Enterprise Linux 6.0, 7.0, 7.3, 7.4, 7.5

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

3
GHSA
GHSA-gpr5-cvq3-j445: Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex2022-05-14
OSV
CVE-2017-5469: Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex2018-06-11
CVEList
CVE-2017-5469: Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex2018-06-11

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2017-05-16
Ubuntu
Firefox vulnerabilities2017-04-21
Red Hat
Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)2017-04-19
Debian
CVE-2017-5469: firefox - Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 ...2017

💬Community

1
Bugzilla
CVE-2017-5469 Mozilla: Potential Buffer overflow in flex-generated code (MFSA 2017-11, MFSA 2017-12)2017-04-19
CVE-2017-5469 — Mozilla Firefox vulnerability | cvebase