CVE-2017-5428

HIGH

Description

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

References

http://rhn.redhat.com/errata/RHSA-2017-0558.html

http://www.securityfocus.com/bid/96959

http://www.securitytracker.com/id/1038060

https://bugzilla.mozilla.org/show_bug.cgi?id=1348168

https://www.mozilla.org/security/advisories/mfsa2017-08/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-09

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL