CVE-2017-5428 Vulnerability Details

CVE-2017-5428 Metadata Quick Info

CVE Published: 11/06/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: mozilla | Vendor: Mozilla | Product: Firefox ESR
Status: PUBLISHED

CVE-2017-5428 Description

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: integer overflow in createImageBitmap()
Source: Mozilla

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).