9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.791 High
EPSS
Percentile
97.7%
April 20, 2017 Andrey Cherepanov 45.9.0-alt1
- New ESR version
- Security fixes:
+ CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
+ CVE-2017-5462: DRBG flaw in NSS
+ CVE-2017-5445: Uninitialized values used while parsing
+ CVE-2017-5469: Potential Buffer overflow in flex-generated code
+ CVE-2017-5437: Vulnerabilities in Libevent library
+ CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
+ CVE-2017-5465: Out-of-bounds read in ConvolvePixel
+ CVE-2017-5447: Out-of-bounds read during glyph processing
+ CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
+ CVE-2017-5444: Buffer overflow while parsing application/http-index-format
+ CVE-2017-5443: Out-of-bounds write during BinHex decoding
+ CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
+ CVE-2017-5442: Use-after-free during style changes
+ CVE-2017-5441: Use-after-free with selection during scroll events
+ CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
+ CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
+ CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
+ CVE-2017-5460: Use-after-free in frame selection
+ CVE-2017-5432: Use-after-free in text input selection
+ CVE-2017-5434: Use-after-free during focus handling
+ CVE-2017-5459: Buffer overflow in WebGL
+ CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
+ CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
+ CVE-2017-5435: Use-after-free during transaction processing in the editor
+ CVE-2017-5433: Use-after-free in SMIL animation functions
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.791 High
EPSS
Percentile
97.7%