Main Vulnerability Database Vulnerabilities #VU5921

#VU5921 Security bypass in Mozilla Firefox - CVE-2017-5400

Published: March 7, 2017

Vulnerability identifier: #VU5921

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-5400

CWE-ID: CWE-265

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security mechanisms.

The vulnerability exists due to an error within asm.js. A remote attacker can perform a JIT-spray technique combined with a heap spray and bypass implemented ASLR and DEP protections.

Successful exploitation of the vulnerability may allow an attacker to leverage exploitation of other remote code execution vulnerabilities.

Remediation

Update to Firefox 52.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/