CVE-2017-5428

Sažetak

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

Reference

http://rhn.redhat.com/errata/RHSA-2017-0558.html
http://www.securityfocus.com/bid/96959
http://www.securitytracker.com/id/1038060
https://bugzilla.mozilla.org/show_bug.cgi?id=1348168
https://www.mozilla.org/security/advisories/mfsa2017-08/

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-08-2018 - 15:27

Objavljeno

11-06-2018 - 21:29