CVE-2017-5428
N/A
N/A
Summary
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox ESR | unspecified < 52.0.1 | affected |
| Mozilla | Firefox | unspecified < 52.0.1 | affected |
Weaknesses
- integer overflow in createImageBitmap()
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1038060
- https://bugzilla.mozilla.org/show_bug.cgi?id=1348168
- http://www.securityfocus.com/bid/96959
- http://rhn.redhat.com/errata/RHSA-2017-0558.html
- https://www.mozilla.org/security/advisories/mfsa2017-08/
References
- http://www.securitytracker.com/id/1038060
- https://bugzilla.mozilla.org/show_bug.cgi?id=1348168
- http://www.securityfocus.com/bid/96959
- http://rhn.redhat.com/errata/RHSA-2017-0558.html
- https://www.mozilla.org/security/advisories/mfsa2017-08/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.