CVE-2017-5445

Published: 20 April 2017

A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (53.0)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (53.0+build6-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [53.0+build6-0ubuntu0.14.04.1])
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (52.1.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:52.1.1+build1-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:52.1.1+build1-0ubuntu0.14.04.1])