CVE-2017-5428

critical

Description

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. Because this function runs in the content sandbox, a second vulnerability is required to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

References

https://www.mozilla.org/security/advisories/mfsa2017-08/

https://bugzilla.mozilla.org/show_bug.cgi?id=1348168

http://www.securitytracker.com/id/1038060

http://www.securityfocus.com/bid/96959

http://rhn.redhat.com/errata/RHSA-2017-0558.html

Details

Source: Mitre, NVD

Published: 2018-06-11

Updated: 2018-08-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical