usn-3175-1
Vulnerability from osv_ubuntu
Published
2017-01-27 21:57
Modified
2026-04-22 07:36
Summary
firefox vulnerabilities
Details

Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)

JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375)

Nicolas Grégoire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376)

Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377)

Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378)

A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379)

A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380)

Jann Horn discovered that the "export" function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381)

Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5382)

Armin Razmjou discovered that certain unicode glyphs do not trigger punycode display. An attacker could potentially exploit this to spoof the URL bar contents. (CVE-2017-5383)

Paul Stone and Alex Chapman discovered that the full URL path is exposed to JavaScript functions specified by Proxy Auto-Config (PAC) files. If a user has enabled Web Proxy Auto Detect (WPAD), an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5384)

Muneaki Nishimura discovered that data sent in multipart channels will ignore the Referrer-Policy response headers. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5385)

Muneaki Nishimura discovered that WebExtensions can affect other extensions using the data: protocol. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to obtain sensitive information or gain additional privileges. (CVE-2017-5386)

Mustafa Hasan discovered that the existence of local files can be determined using the element. An attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5387)

Cullen Jennings discovered that WebRTC can be used to generate large amounts of UDP traffic. An attacker could potentially exploit this to conduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)

Kris Maglione discovered that WebExtensions can use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this to install additional addons without user permission. (CVE-2017-5389)

Jerri Rice discovered insecure communication methods in the Dev Tools JSON Viewer. An attacker could potentially exploit this to gain additional privileges. (CVE-2017-5390)

Jerri Rice discovered that about: pages used by content can load privileged about: pages in iframes. An attacker could potentially exploit this to gain additional privileges, in combination with a content-injection bug in one of those about: pages. (CVE-2017-5391)

Stuart Colville discovered that mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. If a user were tricked in to installing a specially crafted addon, an attacker could potentially exploit this, in combination with a cross-site scripting (XSS) attack on Mozilla's AMO sites, to install additional addons. (CVE-2017-5393)

Filipe Gomes discovered a use-after-free in the media decoder in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5396)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2017-5373",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5374",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5375",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5376",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5377",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5378",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5379",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5380",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5381",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5382",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5383",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5384",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5385",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5386",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5387",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5388",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5389",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5390",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5391",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5393",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5396",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "51.0.1+build2-0ubuntu0.14.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@51.0.1+build2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "51.0.1+build2-0ubuntu0.14.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "24.0+build1-0ubuntu1",
        "25.0+build3-0ubuntu0.13.10.1",
        "28.0~b2+build1-0ubuntu2",
        "28.0+build1-0ubuntu1",
        "28.0+build2-0ubuntu1",
        "28.0+build2-0ubuntu2",
        "29.0+build1-0ubuntu0.14.04.2",
        "30.0+build1-0ubuntu0.14.04.3",
        "31.0+build1-0ubuntu0.14.04.1",
        "32.0+build1-0ubuntu0.14.04.1",
        "32.0.3+build1-0ubuntu0.14.04.1",
        "33.0+build2-0ubuntu0.14.04.1",
        "34.0+build2-0ubuntu0.14.04.1",
        "35.0+build3-0ubuntu0.14.04.2",
        "35.0.1+build1-0ubuntu0.14.04.1",
        "36.0+build2-0ubuntu0.14.04.4",
        "36.0.1+build2-0ubuntu0.14.04.1",
        "36.0.4+build1-0ubuntu0.14.04.1",
        "37.0+build2-0ubuntu0.14.04.1",
        "37.0.1+build1-0ubuntu0.14.04.1",
        "37.0.2+build1-0ubuntu0.14.04.1",
        "38.0+build3-0ubuntu0.14.04.1",
        "39.0+build5-0ubuntu0.14.04.1",
        "39.0.3+build2-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.1",
        "40.0+build4-0ubuntu0.14.04.4",
        "40.0.3+build1-0ubuntu0.14.04.1",
        "41.0+build3-0ubuntu0.14.04.1",
        "41.0.1+build2-0ubuntu0.14.04.1",
        "41.0.2+build2-0ubuntu0.14.04.1",
        "42.0+build2-0ubuntu0.14.04.1",
        "43.0+build1-0ubuntu0.14.04.1",
        "43.0.4+build3-0ubuntu0.14.04.1",
        "44.0+build3-0ubuntu0.14.04.1",
        "44.0.1+build2-0ubuntu0.14.04.1",
        "44.0.2+build1-0ubuntu0.14.04.1",
        "45.0+build2-0ubuntu0.14.04.1",
        "45.0.1+build1-0ubuntu0.14.04.2",
        "45.0.2+build1-0ubuntu0.14.04.1",
        "46.0+build5-0ubuntu0.14.04.2",
        "46.0.1+build1-0ubuntu0.14.04.3",
        "47.0+build3-0ubuntu0.14.04.1",
        "48.0+build2-0ubuntu0.14.04.1",
        "49.0+build4-0ubuntu0.14.04.1",
        "49.0.2+build2-0ubuntu0.14.04.1",
        "50.0+build2-0ubuntu0.14.04.2",
        "50.0.2+build1-0ubuntu0.14.04.1",
        "50.1.0+build2-0ubuntu0.14.04.1"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2017-5373",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5374",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5375",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5376",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5377",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5378",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5379",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5380",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5381",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5382",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5383",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5384",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5385",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5386",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5387",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5388",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5389",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5390",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5391",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5393",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2017-5396",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "firefox",
            "binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
          },
          {
            "binary_name": "firefox-globalmenu",
            "binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
          },
          {
            "binary_name": "firefox-mozsymbols",
            "binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
          },
          {
            "binary_name": "firefox-testsuite",
            "binary_version": "51.0.1+build2-0ubuntu0.16.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "firefox",
        "purl": "pkg:deb/ubuntu/firefox@51.0.1+build2-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "51.0.1+build2-0ubuntu0.16.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "41.0.2+build2-0ubuntu1",
        "42.0+build2-0ubuntu1",
        "44.0+build3-0ubuntu2",
        "44.0.1+build1-0ubuntu1",
        "44.0.2+build1-0ubuntu1",
        "45.0+build2-0ubuntu1",
        "45.0.1+build1-0ubuntu1",
        "45.0.2+build1-0ubuntu1",
        "46.0+build5-0ubuntu0.16.04.2",
        "46.0.1+build1-0ubuntu0.16.04.2",
        "47.0+build3-0ubuntu0.16.04.1",
        "48.0+build2-0ubuntu0.16.04.1",
        "49.0+build4-0ubuntu0.16.04.1",
        "49.0.2+build2-0ubuntu0.16.04.2",
        "50.0+build2-0ubuntu0.16.04.2",
        "50.0.2+build1-0ubuntu0.16.04.1",
        "50.1.0+build2-0ubuntu0.16.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "Multiple memory safety issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374)\n\nJIT code allocation can allow a bypass of ASLR protections in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2017-5375)\n\nNicolas Gr\u00e9goire discovered a use-after-free when manipulating XSL in\nXSLT documents in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2017-5376)\n\nAtte Kettunen discovered a memory corruption issue in Skia in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2017-5377)\n\nJann Horn discovered that an object\u0027s address could be discovered through\nhashed codes of JavaScript objects shared between pages. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to obtain sensitive information. (CVE-2017-5378)\n\nA use-after-free was discovered in Web Animations in some circumstances.\nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code. (CVE-2017-5379)\n\nA use-after-free was discovered during DOM manipulation of SVG content in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2017-5380)\n\nJann Horn discovered that the \"export\" function in the Certificate Viewer\ncan force local filesystem navigation when the Common Name contains\nslashes. If a user were tricked in to exporting a specially crafted\ncertificate, an attacker could potentially exploit this to save content\nwith arbitrary filenames in unsafe locations. (CVE-2017-5381)\n\nJerri Rice discovered that the Feed preview for RSS feeds can be used to\ncapture errors and exceptions generated by privileged content. An attacker\ncould potentially exploit this to obtain sensitive information.\n(CVE-2017-5382)\n\nArmin Razmjou discovered that certain unicode glyphs do not trigger\npunycode display. An attacker could potentially exploit this to spoof the\nURL bar contents. (CVE-2017-5383)\n\nPaul Stone and Alex Chapman discovered that the full URL path is exposed\nto JavaScript functions specified by Proxy Auto-Config (PAC) files. If a\nuser has enabled Web Proxy Auto Detect (WPAD), an attacker could\npotentially exploit this to obtain sensitive information. (CVE-2017-5384)\n\nMuneaki Nishimura discovered that data sent in multipart channels will\nignore the Referrer-Policy response headers. An attacker could potentially\nexploit this to obtain sensitive information. (CVE-2017-5385)\n\nMuneaki Nishimura discovered that WebExtensions can affect other\nextensions using the data: protocol. If a user were tricked in to\ninstalling a specially crafted addon, an attacker could potentially\nexploit this to obtain sensitive information or gain additional\nprivileges. (CVE-2017-5386)\n\nMustafa Hasan discovered that the existence of local files can be\ndetermined using the \u003ctrack\u003e element. An attacker could potentially\nexploit this to obtain sensitive information. (CVE-2017-5387)\n\nCullen Jennings discovered that WebRTC can be used to generate large\namounts of UDP traffic. An attacker could potentially exploit this to\nconduct Distributed Denial-of-Service (DDOS) attacks. (CVE-2017-5388)\n\nKris Maglione discovered that WebExtensions can use the mozAddonManager\nAPI by modifying the CSP headers on sites with the appropriate permissions\nand then using host requests to redirect script loads to a malicious site.\nIf a user were tricked in to installing a specially crafted addon, an\nattacker could potentially exploit this to install additional addons\nwithout user permission. (CVE-2017-5389)\n\nJerri Rice discovered insecure communication methods in the Dev Tools JSON\nViewer. An attacker could potentially exploit this to gain additional\nprivileges. (CVE-2017-5390)\n\nJerri Rice discovered that about: pages used by content can load\nprivileged about: pages in iframes. An attacker could potentially exploit\nthis to gain additional privileges, in combination with a\ncontent-injection bug in one of those about: pages. (CVE-2017-5391)\n\nStuart Colville discovered that mozAddonManager allows for the\ninstallation of extensions from the CDN for addons.mozilla.org, a publicly\naccessible site. If a user were tricked in to installing a specially\ncrafted addon, an attacker could potentially exploit this, in combination\nwith a cross-site scripting (XSS) attack on Mozilla\u0027s AMO sites, to\ninstall additional addons. (CVE-2017-5393)\n\nFilipe Gomes discovered a use-after-free in the media decoder in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2017-5396)\n",
  "id": "USN-3175-1",
  "modified": "2026-04-22T07:36:33Z",
  "published": "2017-01-27T21:57:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-3175-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5373"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5374"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5375"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5376"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5377"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5378"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5379"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5380"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5381"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5382"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5383"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5384"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5385"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5386"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5387"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5388"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5389"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5390"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5391"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5393"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-5396"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "firefox vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2017-5373",
    "UBUNTU-CVE-2017-5374",
    "UBUNTU-CVE-2017-5375",
    "UBUNTU-CVE-2017-5376",
    "UBUNTU-CVE-2017-5377",
    "UBUNTU-CVE-2017-5378",
    "UBUNTU-CVE-2017-5379",
    "UBUNTU-CVE-2017-5380",
    "UBUNTU-CVE-2017-5381",
    "UBUNTU-CVE-2017-5382",
    "UBUNTU-CVE-2017-5383",
    "UBUNTU-CVE-2017-5384",
    "UBUNTU-CVE-2017-5385",
    "UBUNTU-CVE-2017-5386",
    "UBUNTU-CVE-2017-5387",
    "UBUNTU-CVE-2017-5388",
    "UBUNTU-CVE-2017-5389",
    "UBUNTU-CVE-2017-5390",
    "UBUNTU-CVE-2017-5391",
    "UBUNTU-CVE-2017-5393",
    "UBUNTU-CVE-2017-5396"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…