Lucene search

K

[email protected]NVD:CVE-2017-5373

HistoryJun 11, 2018 - 9:29 p.m.

CVE-2017-5373

2018-06-1121:29:02

CWE-119

[email protected]

web.nvd.nist.gov

4

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.012

Percentile

85.1%

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Affected configurations

Nvd

Node

mozillafirefoxRange<51.0

OR

mozillafirefox_esrRange<45.7.0

OR

mozillathunderbirdRange<45.7.0

Node

debiandebian_linuxMatch8.0

Node

redhatenterprise_linux_desktopMatch5.0

OR

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_serverMatch5.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_workstationMatch5.0

OR

redhatenterprise_linux_workstationMatch6.0

OR

redhatenterprise_linux_workstationMatch7.0

References

rhn.redhat.com/errata/RHSA-2017-0190.html

rhn.redhat.com/errata/RHSA-2017-0238.html

www.securityfocus.com/bid/95762

www.securitytracker.com/id/1037693

bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877

security.gentoo.org/glsa/201702-13

security.gentoo.org/glsa/201702-22

www.debian.org/security/2017/dsa-3771

www.debian.org/security/2017/dsa-3832

www.mozilla.org/security/advisories/mfsa2017-01/

www.mozilla.org/security/advisories/mfsa2017-02/

www.mozilla.org/security/advisories/mfsa2017-03/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.012

Percentile

85.1%

Related for NVD:CVE-2017-5373

cvelist1 veracode1 alpinelinux1 ubuntucve1 cve1 prion1 redhatcve1 debiancve1 openvas33 nessus33 centos2 oraclelinux2 redhat2 archlinux2 mozilla3 mageia3 kaspersky2 gentoo2 osv4 ibm2 suse3 debian4 slackware1 ubuntu3 freebsd1