VDB
CVE-2017-5428
CVE-2017-5428
PUBLISHED
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
EPSS 0.37% · 59.2th percentile
Risk Scores
EPSS Score
0.37%
59.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | firefox | 0, 28.0~b2+build1-0ubuntu2, 28.0+build1-0ubuntu1 |
| Ubuntu:16.04:LTS | firefox | 0, 41.0.2+build2-0ubuntu1, 44.0+build3-0ubuntu2 |
Exploit Intelligence
Timeline
- Mar 19, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Jun 5, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5428 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428 third-party-advisory
- https://ubuntu.com/security/notices/USN-3238-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5428 third-party-advisory