Out-of-bounds Read in firefox | CVE-2017-5446

Q: How to fix?

Upgrade Oracle:6 firefox to version 0:52.1.0-2.0.1.el6_9 or higher. This issue was patched in ELSA-2017-1104 .

Threat Intelligence

0.33% (71^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-ORACLE6-FIREFOX-2513075
published10 Apr 2022
disclosed11 Jun 2018

Report a new vulnerability Found a mistake?

Introduced: 11 Jun 2018

CVE-2017-5446 (opens in a new tab) CWE-125 (opens in a new tab)

How to fix?

Upgrade Oracle:6 firefox to version 0:52.1.0-2.0.1.el6_9 or higher.
This issue was patched in ELSA-2017-1104.

NVD Description

Note: Versions mentioned in the description apply only to the upstream firefox package and not the firefox package as distributed by Oracle. See How to fix? for Oracle:6 relevant fixed versions and status.

An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Out-of-bounds Read Affecting firefox package, versions <0:52.1.0-2.0.1.el6_9

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 11 Jun 2018

How to fix?

NVD Description

References