CVE-2017-7813

2017-10-0200:00:00

ubuntu.com

0.003 Low

EPSS

Percentile

68.6%

JSON

Inside the JavaScript parser, a cast of an integer to a narrower type can
result in data read from outside the buffer being parsed. This usually
results in a non-exploitable crash, but can leak a limited amount of
information from memory if it matches JavaScript identifier syntax. This
vulnerability affects Firefox < 56.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu18.04noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu18.10noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu19.04noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu19.10noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu20.04noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu20.10noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu21.04noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu21.10noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN
ubuntu22.04noarchfirefox< 56.0+build6-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	18.04	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	18.10	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	19.04	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	19.10	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	20.04	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	20.10	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	21.04	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	21.10	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN
ubuntu	22.04	noarch	firefox	< 56.0+build6-0ubuntu1	UNKNOWN