Vulnerability Description
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 52.0 |
| Mozilla | Thunderbird | < 52.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96692Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037966Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1338876ExploitIssue TrackingPatch
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-09/Vendor Advisory
- http://www.securityfocus.com/bid/96692Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037966Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1338876ExploitIssue TrackingPatch
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-09/Vendor Advisory
FAQ
What is CVE-2017-5418?
CVE-2017-5418 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set p...
How severe is CVE-2017-5418?
CVE-2017-5418 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5418?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Thunderbird.