Main Vulnerability Database Vulnerabilities #VU6331

#VU6331 Out-of-bounds read in Mozilla Firefox and Firefox ESR - CVE-2017-5465

Published: April 19, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU6331

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2017-5465

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error while processing SVG content in ConvolvePixel. A remote attacker can trigger out-of-bounds read and gain access to sensitive system memory.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Update to Firefox 53, Firefox ESR 45.9 or Firefox ESR 52.1.

#VU6331 Out-of-bounds read in Mozilla Firefox and Firefox ESR - CVE-2017-5465

Description

Remediation

External links