CVE-2017-5401 Information

Description

A crash triggerable by web content in which an \ErrorResult\ references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox 52 Firefox ESR 45.8 Thunderbird 52 and Thunderbird 45.8.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96677 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1328861 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org/security/2017/dsa-3805 https://www.debian.org/security/2017/dsa-3832 https://www.mozilla.org/security/advisories/mfsa2017-05/ https://www.mozilla.org/security/advisories/mfsa2017-06/ https://www.mozilla.org/security/advisories/mfsa2017-07/ https://www.mozilla.org/security/advisories/mfsa2017-09/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8