Vulnerability Description
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 51.0 |
| Android | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95763Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037693Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293709Issue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-01/Vendor Advisory
- http://www.securityfocus.com/bid/95763Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037693Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293709Issue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-01/Vendor Advisory
FAQ
What is CVE-2017-5392?
CVE-2017-5392 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. ...
How severe is CVE-2017-5392?
CVE-2017-5392 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-5392?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Google Android.