Vulnerability Details : CVE-2017-5392
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2017-5392
Probability of exploitation activity in the next 30 days: 0.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-5392
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-5392
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5392
-
https://www.mozilla.org/security/advisories/mfsa2017-01/
Security vulnerabilities fixed in Firefox 51 — MozillaVendor Advisory
-
http://www.securitytracker.com/id/1037693
Mozilla Firefox Multiple Bugs Let Remote Users Bypass Security Restrictions, Spoof URLs, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/95763
Mozilla Firefox Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1293709
1293709 - (CVE-2017-5392) nsWindow::LayerViewSupport's weak reference used on multiple threadsIssue Tracking;Vendor Advisory
Products affected by CVE-2017-5392
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*