Main Vulnerability Database Vulnerabilities #VU5921

Security bypass in Mozilla Firefox - CVE-2017-5400

Published: March 7, 2017

Vulnerability identifier: #VU5921

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-5400

CWE-ID: CWE-265

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security mechanisms.

The vulnerability exists due to an error within asm.js. A remote attacker can perform a JIT-spray technique combined with a heap spray and bypass implemented ASLR and DEP protections.

Successful exploitation of the vulnerability may allow an attacker to leverage exploitation of other remote code execution vulnerabilities.

How to mitigate CVE-2017-5400

Update to Firefox 52.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/

Security bypass in Mozilla Firefox - CVE-2017-5400

Detailed vulnerability description

How to mitigate CVE-2017-5400

Sources

Please verify you're human