CVE-2017-5428

Summary

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 52.0.1affected
MozillaFirefoxunspecified < 52.0.1affected

Weaknesses

  • integer overflow in createImageBitmap()

ADP Enrichment

CVE Program Container

Additional References

References