CVE-2017-5428

Description

An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, so a second vulnerability is required to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.371

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2016-10196, CVE-2017-5421, CVE-2017-5428 are affected in Mozilla Firefox (x64) 52.0 | Windows
Vulnerabilities CVE-2016-10196, CVE-2017-5421, CVE-2017-5428 are affected in Mozilla_Firefox 52.0 | Windows
Vulnerabilities CVE-2017-5428 are fixed in Update for Mozilla Firefox For Mac (52.0.1) | Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.0 | Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.0 | Mac
Mozilla Open Source web browser (USN-3155-1) firefox_52.0.1+build2-0ubuntu0.16.10.1_i386.deb | Linux
Mozilla Open Source web browser (USN-3155-1) firefox_52.0.1+build2-0ubuntu0.16.10.1_amd64.deb | Linux
Mozilla Open Source web browser (USN-3238-1) firefox_52.0.1+build2-0ubuntu0.14.04.1_i386.deb | Linux
Mozilla Open Source web browser (USN-3238-1) firefox_52.0.1+build2-0ubuntu0.14.04.1_amd64.deb | Linux
Mozilla Open Source web browser (USN-3238-1) firefox_52.0.1+build2-0ubuntu0.16.04.1_i386.deb | Linux
Mozilla Open Source web browser (USN-3238-1) firefox_52.0.1+build2-0ubuntu0.16.04.1_amd64.deb | Linux

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-607000 | Mozilla Firefox For Mac (124.0)
PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870 | Mozilla Firefox For Mac (142.0.1)
