
CVE-2017-5428

Published: 20 March 2017

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
firefox
precise   Released (52.0.1+build2-0ubuntu0.12.04.1)
trusty    Does not exist (trusty was released [52.0.1+build2-0ubuntu0.14.04.1])
upstream  Released (52.0.1)
xenial    Released (52.0.1+build2-0ubuntu0.16.04.1)
yakkety   Released (52.0.1+build2-0ubuntu0.16.10.1)
zesty     Released (52.0.1+build2-0ubuntu1)