CVE-2017-5388

Summary

A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 51affected

Weaknesses

  • WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks

ADP Enrichment

CVE Program Container

Additional References

References