CVE-2017-5422: Input Validation

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1295002
• https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/
• https://www.mozilla.org/en-US/security/advisories/mfsa2017-09/
• http://www.securityfocus.com/bid/96692
• http://www.securitytracker.com/id/1037966
• https://www.mozilla.org/security/advisories/mfsa2017-05/
• https://www.mozilla.org/security/advisories/mfsa2017-09/

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2017-05
• MFSA2017-09

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2017-5400
• CVE-2017-5401
• CVE-2017-5402
• CVE-2017-5403
• CVE-2017-5404
• CVE-2017-5406
• CVE-2017-5407
• CVE-2017-5410
• CVE-2017-5411
• CVE-2017-5409
• CVE-2017-5408
• CVE-2017-5412
• CVE-2017-5413
• CVE-2017-5414
• CVE-2017-5415
• CVE-2017-5416
• CVE-2017-5417
• CVE-2017-5425
• CVE-2017-5426
• CVE-2017-5427
• CVE-2017-5418
• CVE-2017-5419
• CVE-2017-5420
• CVE-2017-5405
• CVE-2017-5421
• CVE-2017-5422
• CVE-2017-5399
• CVE-2017-5398

Frequently Asked Questions

• What is the severity of CVE-2017-5422?

  CVE-2017-5422 has been classified as a low-severity vulnerability that can cause a non-exploitable browser crash.

• How do I fix CVE-2017-5422?

  To address CVE-2017-5422, users should upgrade to a version of Firefox or Thunderbird that is 52.0 or later.

• Which software versions are affected by CVE-2017-5422?

  CVE-2017-5422 affects Mozilla Firefox and Thunderbird versions prior to 52.0.

• What is the nature of the vulnerability described in CVE-2017-5422?

  CVE-2017-5422 involves a malicious site exploiting the view-source protocol to trigger a crash in the browser.

• Has CVE-2017-5422 been resolved?

  Yes, the vulnerability has been resolved by preventing the view-source protocol from being linkable.