CVE-2017-5444

Published: 20 April 2017

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (53.0)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (53.0+build6-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [53.0+build6-0ubuntu0.14.04.1])
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (52.1.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:52.1.1+build1-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:52.1.1+build1-0ubuntu0.14.04.1])