CVE-2017-7813 — Out-of-bounds Read in Mozilla Firefox

CWE-125 — Out-of-bounds Read CWE-704 — Incorrect Type Conversion or Cast8 documents5 sources

Severity

8.2HIGHNVD

OSV9.8

EPSS

0.6%

top 31.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 13

Description

Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages4 packages

▶debiandebian/firefox< firefox 56.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 56

▶Ubuntumozilla/firefox< 56.0+build6-0ubuntu0.14.04.1+4

▶NVDmozilla/firefox55.0.3

🔴Vulnerability Details

GHSA

GHSA-3q69-c555-hw23: Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed↗2022-05-13

▶

OSV

firefox regression↗2017-10-04

▶

OSV

CVE-2017-7813: Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed↗2017-10-02

▶

OSV

firefox vulnerabilities↗2017-10-02

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2017-10-04

▶

Ubuntu

Firefox vulnerabilities↗2017-10-02

▶

Debian

CVE-2017-7813: firefox - Inside the JavaScript parser, a cast of an integer to a narrower type can result...↗2017

▶