CVE-2017-5399: Buffer Overflow
First published: Tue Mar 07 2017(Updated: )
Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly, Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and André Bargull reported memory safety bugs present in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <52 | 52 |
| Thunderbird | <52 | 52 |
| Firefox | <52.0 | |
| Thunderbird | <52.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332569%2C1315248%2C1261335%2C1321038%2C1331771%2C1339566%2C1339591%2C1240893%2C1341905%2C1323241%2C1336467%2C1270288%2C1295299%2C1296024%2C1304201%2C1306142%2C1307557%2C1308036%2C1334246%2C1334290%2C1317085%2C1339116%2C1324000%2C1323150%2C1332501%2C1320894%2C1333752%2C1303713%2C1321566%2C1264053%2C1343513
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-09/
- http://www.securityfocus.com/bid/96692
- http://www.securitytracker.com/id/1037966
- https://www.mozilla.org/security/advisories/mfsa2017-05/
- https://www.mozilla.org/security/advisories/mfsa2017-09/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-5400
- CVE-2017-5401
- CVE-2017-5402
- CVE-2017-5403
- CVE-2017-5404
- CVE-2017-5406
- CVE-2017-5407
- CVE-2017-5410
- CVE-2017-5411
- CVE-2017-5409
- CVE-2017-5408
- CVE-2017-5412
- CVE-2017-5413
- CVE-2017-5414
- CVE-2017-5415
- CVE-2017-5416
- CVE-2017-5417
- CVE-2017-5425
- CVE-2017-5426
- CVE-2017-5427
- CVE-2017-5418
- CVE-2017-5419
- CVE-2017-5420
- CVE-2017-5405
- CVE-2017-5421
- CVE-2017-5422
- CVE-2017-5399
- CVE-2017-5398
Frequently Asked Questions
What is the severity of CVE-2017-5399?
CVE-2017-5399 is classified as a moderate severity vulnerability affecting certain versions of Mozilla Firefox and Thunderbird.
How do I fix CVE-2017-5399?
To fix CVE-2017-5399, upgrade to a version of Mozilla Firefox or Thunderbird that is 52 or later.
What are the affected versions for CVE-2017-5399?
CVE-2017-5399 affects Mozilla Firefox and Thunderbird versions up to and excluding 52.
What types of products are impacted by CVE-2017-5399?
CVE-2017-5399 impacts Mozilla products, specifically Firefox and Thunderbird.
Who are the contributors that reported CVE-2017-5399?
CVE-2017-5399 was reported by Mozilla developers and community members such as Carsten Book, Christian Holler, and Julian Seward.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- vendor/mozilla
- canonical/firefox
- canonical/thunderbird