CVE-2017-5430

HIGH

Description

Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

References

http://www.securityfocus.com/bid/97940

http://www.securitytracker.com/id/1038320

https://access.redhat.com/errata/RHSA-2017:1106

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722

https://www.mozilla.org/security/advisories/mfsa2017-10/

https://www.mozilla.org/security/advisories/mfsa2017-12/

https://www.mozilla.org/security/advisories/mfsa2017-13/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-09

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (22 total)

ID	Name	Product	Family	Severity
102694	SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)	Nessus	SuSE Local Security Checks	high
101457	Virtuozzo 7 : firefox (VZLSA-2017-1106)	Nessus	Virtuozzo Local Security Checks	high
101055	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2017:1669-1)	Nessus	SuSE Local Security Checks	high
100688	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1093)	Nessus	Huawei Local Security Checks	high
100687	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1092)	Nessus	Huawei Local Security Checks	high
100249	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : thunderbird vulnerabilities (USN-3278-1)	Nessus	Ubuntu Local Security Checks	high
100153	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox regression (USN-3260-2)	Nessus	Ubuntu Local Security Checks	high
100020	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-545)	Nessus	SuSE Local Security Checks	critical
99968	Mozilla Thunderbird < 52.1 Multiple Vulnerabilities	Nessus	Windows	high
99967	Mozilla Thunderbird < 52.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99632	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus	Windows	high
99631	Mozilla Firefox ESR 52.x < 52.1 Multiple Vulnerabilities	Nessus	Windows	high
99629	Mozilla Firefox < 53 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99628	Mozilla Firefox ESR < 52.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99626	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox vulnerabilities (USN-3260-1)	Nessus	Ubuntu Local Security Checks	high
99619	Scientific Linux Security Update : firefox on SL7.x x86_64 (20170420)	Nessus	Scientific Linux Local Security Checks	high
700066	Mozilla Firefox ESR < 52.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
700065	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
99572	RHEL 7 : firefox (RHSA-2017:1106)	Nessus	Red Hat Local Security Checks	high
99565	Oracle Linux 7 : firefox (ELSA-2017-1106)	Nessus	Oracle Linux Local Security Checks	high
99539	CentOS 7 : firefox (CESA-2017:1106)	Nessus	CentOS Local Security Checks	high
99496	FreeBSD : mozilla -- multiple vulnerabilities (5e0a038a-ca30-416d-a2f5-38cbf5e7df33)	Nessus	FreeBSD Local Security Checks	high