vulnerability
MFSA2017-08 Firefox: integer overflow in createImageBitmap() (CVE-2017-5428)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 17, 2017 | Mar 20, 2017 | Nov 27, 2024 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 17, 2017
Added
Mar 20, 2017
Modified
Nov 27, 2024
Description
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR
Solution(s)
mozilla-firefox-esr-upgrade-52_0_1mozilla-firefox-upgrade-52_0_1

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.