CVE-2017-5392

HIGH

Description

Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.

References

http://www.securityfocus.com/bid/95763

http://www.securitytracker.com/id/1037693

https://bugzilla.mozilla.org/show_bug.cgi?id=1293709

https://www.mozilla.org/security/advisories/mfsa2017-01/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-07

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL