Vulnerability CVE-2017-5411: Information

Description

A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-5411
Published: June 12, 2018
Modified: Aug. 2, 2018
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus52.0-alt1126.0.1-alt1ALT-PU-2017-1322-1180581Fixed
firefoxp1052.0-alt1118.0.2-alt0.p10.1ALT-PU-2017-1322-1180581Fixed
firefoxp952.0-alt1105.0.1-alt0.c9.1ALT-PU-2017-1322-1180581Fixed
firefoxp852.0-alt0.M80P.168.0.1-alt0.M80P.1ALT-PU-2017-1328-1180622Fixed
firefoxc10f152.0-alt1112.0.2-alt0.p10.1ALT-PU-2017-1322-1180581Fixed
firefoxc9f252.0-alt1105.0.1-alt0.c9.1ALT-PU-2017-1322-1180581Fixed
firefoxp1152.0-alt1126.0.1-alt1ALT-PU-2017-1322-1180581Fixed
firefox-esrsisyphus52.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
firefox-esrp1052.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
firefox-esrp952.1.1-alt1102.11.0-alt0.c9.1ALT-PU-2017-1578-1182570Fixed
firefox-esrp852.3.0-alt0.M80P.168.4.1-alt0.M80P.1ALT-PU-2017-2230-1188380Fixed
firefox-esrc10f152.1.1-alt1115.9.1-alt0.c10.1ALT-PU-2017-1578-1182570Fixed
firefox-esrc9f252.1.1-alt1102.12.0-alt0.c9.1ALT-PU-2017-1578-1182570Fixed
firefox-esrp1152.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
thunderbirdc760.8.0-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2019-2345-1234994Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2017-09/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-05/
  • Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1325511
  • Exploit
  • Issue Tracking
  • Vendor Advisory
1037966
  • Third Party Advisory
  • VDB Entry
96692
  • Third Party Advisory
  • VDB Entry

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top