CVE-2017-5467

MEDIUM

Description

A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

References

http://www.securityfocus.com/bid/97940

http://www.securitytracker.com/id/1038320

https://access.redhat.com/errata/RHSA-2017:1106

https://access.redhat.com/errata/RHSA-2017:1201

https://bugzilla.mozilla.org/show_bug.cgi?id=1347262

https://www.mozilla.org/security/advisories/mfsa2017-10/

https://www.mozilla.org/security/advisories/mfsa2017-12/

https://www.mozilla.org/security/advisories/mfsa2017-13/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-07-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
127347	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0110)	Nessus	NewStart CGSL Local Security Checks	critical
102694	SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)	Nessus	SuSE Local Security Checks	high
101460	Virtuozzo 6 : thunderbird (VZLSA-2017-1201)	Nessus	Virtuozzo Local Security Checks	high
101457	Virtuozzo 7 : firefox (VZLSA-2017-1106)	Nessus	Virtuozzo Local Security Checks	high
101055	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2017:1669-1)	Nessus	SuSE Local Security Checks	high
100688	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1093)	Nessus	Huawei Local Security Checks	high
100687	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1092)	Nessus	Huawei Local Security Checks	high
100249	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : thunderbird vulnerabilities (USN-3278-1)	Nessus	Ubuntu Local Security Checks	high
100153	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox regression (USN-3260-2)	Nessus	Ubuntu Local Security Checks	high
100065	CentOS 6 / 7 : thunderbird (CESA-2017:1201)	Nessus	CentOS Local Security Checks	high
100049	Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
100045	Oracle Linux 6 / 7 : thunderbird (ELSA-2017-1201)	Nessus	Oracle Linux Local Security Checks	high
100021	RHEL 6 / 7 : thunderbird (RHSA-2017:1201)	Nessus	Red Hat Local Security Checks	high
100020	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-545)	Nessus	SuSE Local Security Checks	critical
99968	Mozilla Thunderbird < 52.1 Multiple Vulnerabilities	Nessus	Windows	high
99967	Mozilla Thunderbird < 52.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99649	openSUSE Security Update : Mozilla Firefox (openSUSE-2017-509)	Nessus	SuSE Local Security Checks	high
99632	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus	Windows	high
99631	Mozilla Firefox ESR 52.x < 52.1 Multiple Vulnerabilities	Nessus	Windows	high
99629	Mozilla Firefox < 53 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99628	Mozilla Firefox ESR < 52.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99626	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox vulnerabilities (USN-3260-1)	Nessus	Ubuntu Local Security Checks	high
99619	Scientific Linux Security Update : firefox on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
700065	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
99572	RHEL 7 : firefox (RHSA-2017:1106)	Nessus	Red Hat Local Security Checks	high
99565	Oracle Linux 7 : firefox (ELSA-2017-1106)	Nessus	Oracle Linux Local Security Checks	high
99539	CentOS 7 : firefox (CESA-2017:1106)	Nessus	CentOS Local Security Checks	high
99496	FreeBSD : mozilla -- multiple vulnerabilities (5e0a038a-ca30-416d-a2f5-38cbf5e7df33)	Nessus	FreeBSD Local Security Checks	high