CVE-2017-5373

critical

Description

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

http://rhn.redhat.com/errata/RHSA-2017-0190.html

http://rhn.redhat.com/errata/RHSA-2017-0238.html

http://www.securityfocus.com/bid/95762

http://www.securitytracker.com/id/1037693

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877

https://security.gentoo.org/glsa/201702-13

https://security.gentoo.org/glsa/201702-22

https://www.debian.org/security/2017/dsa-3771

https://www.debian.org/security/2017/dsa-3832

https://www.mozilla.org/security/advisories/mfsa2017-01/

https://www.mozilla.org/security/advisories/mfsa2017-02/

https://www.mozilla.org/security/advisories/mfsa2017-03/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-02

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 101418 | Virtuozzo 6 : thunderbird (VZLSA-2017-0238) | Nessus | Virtuozzo Local Security Checks | critical |
| 101416 | Virtuozzo 6 : firefox (VZLSA-2017-0190) | Nessus | Virtuozzo Local Security Checks | critical |
| 99858 | EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1012) | Nessus | Huawei Local Security Checks | critical |
| 99857 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1011) | Nessus | Huawei Local Security Checks | critical |
| 99545 | Debian DSA-3832-1 : icedove - security update | Nessus | Debian Local Security Checks | critical |
| 99442 | Debian DLA-896-1 : icedove/thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 97265 | GLSA-201702-22 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 97256 | GLSA-201702-13 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 97082 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0427-1) | Nessus | SuSE Local Security Checks | critical |
| 97081 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1) | Nessus | SuSE Local Security Checks | critical |
| 97047 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3175-2) | Nessus | Ubuntu Local Security Checks | critical |
| 96975 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20170202) | Nessus | Scientific Linux Local Security Checks | critical |
| 96970 | Oracle Linux 6 / 7 : thunderbird (ELSA-2017-0238) | Nessus | Oracle Linux Local Security Checks | critical |
| 96962 | CentOS 5 / 6 / 7 : thunderbird (CESA-2017:0238) | Nessus | CentOS Local Security Checks | critical |
| 96949 | RHEL 5 / 6 / 7 : thunderbird (RHSA-2017:0238) | Nessus | Red Hat Local Security Checks | critical |
| 96941 | openSUSE Security Update : MozillaThunderbird (openSUSE-2017-188) | Nessus | SuSE Local Security Checks | critical |
| 96940 | openSUSE Security Update : MozillaFirefox (openSUSE-2017-187) | Nessus | SuSE Local Security Checks | critical |
| 9928 | Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 9927 | Mozilla Firefox < 51 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 96905 | Mozilla Thunderbird < 45.7 Multiple Vulnerabilities | Nessus | Windows | critical |
| 96904 | Mozilla Thunderbird < 45.7 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 96872 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3175-1) | Nessus | Ubuntu Local Security Checks | critical |
| 96871 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3165-1) | Nessus | Ubuntu Local Security Checks | critical |
| 96815 | Debian DLA-800-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
| 96813 | CentOS 5 / 6 / 7 : firefox (CESA-2017:0190) | Nessus | CentOS Local Security Checks | critical |
| 96804 | Slackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2017-026-01) | Nessus | Slackware Local Security Checks | critical |
| 96792 | Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20170125) | Nessus | Scientific Linux Local Security Checks | critical |
| 96791 | RHEL 5 / 6 / 7 : firefox (RHSA-2017:0190) | Nessus | Red Hat Local Security Checks | critical |
| 96789 | Oracle Linux 5 / 6 / 7 : firefox (ELSA-2017-0190) | Nessus | Oracle Linux Local Security Checks | critical |
| 96780 | Debian DSA-3771-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 96776 | Mozilla Firefox < 51.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 96775 | Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities | Nessus | Windows | critical |
| 96774 | Mozilla Firefox < 51 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 96773 | Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 96743 | FreeBSD : mozilla -- multiple vulnerabilities (e60169c4-aa86-46b0-8ae2-0d81f683df09) | Nessus | FreeBSD Local Security Checks | critical |