CVE-2017-5416high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.
References
http://www.securityfocus.com/bid/96692
http://www.securitytracker.com/id/1037966
https://bugzilla.mozilla.org/show_bug.cgi?id=1328121
Details
Source: MITRE
Published: 2018-06-11
Updated: 2018-08-07
Type: CWE-476
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 100020 | openSUSE Security Update : MozillaThunderbird (openSUSE-2017-545) | Nessus | SuSE Local Security Checks | critical |
| 99121 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3216-2) | Nessus | Ubuntu Local Security Checks | critical |
| 97747 | openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2017-344) | Nessus | SuSE Local Security Checks | critical |
| 97639 | Mozilla Firefox < 52.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 97637 | Mozilla Firefox < 52.0 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 97600 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3216-1) | Nessus | Ubuntu Local Security Checks | critical |
| 97592 | FreeBSD : mozilla -- multiple vulnerabilities (96eca031-1313-4daf-9be2-9d6e1c4f1eb5) | Nessus | FreeBSD Local Security Checks | critical |