An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2017-0558.html | Third Party Advisory |
http://www.securityfocus.com/bid/96959 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038060 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1348168 | Exploit Issue Tracking Patch Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-08/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-01-13T00:00:00
Link: CVE-2017-5428
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:05.453
Modified: 2018-08-09T15:27:03.350
Link: CVE-2017-5428
JSON object: View
Redhat Information
No data.
CWE