Out-of-Bounds in firefox | CVE-2017-5444

Q: How to fix?

Upgrade Oracle:6 firefox to version 0:52.1.0-2.0.1.el6_9 or higher. This issue was patched in ELSA-2017-1104 .

Threat Intelligence

4.13% (93^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-ORACLE6-FIREFOX-2513014
published10 Apr 2022
disclosed11 Jun 2018

Report a new vulnerability Found a mistake?

Introduced: 11 Jun 2018

CVE-2017-5444 (opens in a new tab) CWE-119 (opens in a new tab)

How to fix?

Upgrade Oracle:6 firefox to version 0:52.1.0-2.0.1.el6_9 or higher.
This issue was patched in ELSA-2017-1104.

NVD Description

Note: Versions mentioned in the description apply only to the upstream firefox package and not the firefox package as distributed by Oracle. See How to fix? for Oracle:6 relevant fixed versions and status.

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Out-of-Bounds Affecting firefox package, versions <0:52.1.0-2.0.1.el6_9

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 11 Jun 2018

How to fix?

NVD Description

References