CVE-2017-5467 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2017-5467?

CVE-2017-5467 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-5467?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Mozilla Firefox, Mozilla Firefox Esr.

Vulnerability Description

A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
Mozilla	Firefox	< 53.0
Mozilla	Firefox Esr	< 52.1
Mozilla	Thunderbird	< 52.1.0

Related Weaknesses (CWE)

CWE-119

References

http://www.securityfocus.com/bid/97940Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038320Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1106Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1201Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1347262Issue TrackingPatch
https://www.mozilla.org/security/advisories/mfsa2017-10/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-12/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-13/Vendor Advisory
http://www.securityfocus.com/bid/97940Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038320Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1106Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1201Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1347262Issue TrackingPatch
https://www.mozilla.org/security/advisories/mfsa2017-10/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-12/Vendor Advisory

FAQ

What is CVE-2017-5467?

CVE-2017-5467 is a vulnerability with a CVSS score of 7.5 (HIGH). A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and ...

How severe is CVE-2017-5467?

CVE-2017-5467 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5467?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Mozilla Firefox, Mozilla Firefox Esr.