Out-of-Bounds in firefox | CVE-2017-5464

Q: How to fix?

Upgrade Oracle:6 firefox to version 0:52.1.0-2.0.1.el6_9 or higher. This issue was patched in ELSA-2017-1104 .

Threat Intelligence

0.48% (76^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-ORACLE6-FIREFOX-2513230
published10 Apr 2022
disclosed11 Jun 2018

Report a new vulnerability Found a mistake?

Introduced: 11 Jun 2018

CVE-2017-5464 (opens in a new tab) CWE-119 (opens in a new tab)

How to fix?

Upgrade Oracle:6 firefox to version 0:52.1.0-2.0.1.el6_9 or higher.
This issue was patched in ELSA-2017-1104.

NVD Description

Note: Versions mentioned in the description apply only to the upstream firefox package and not the firefox package as distributed by Oracle. See How to fix? for Oracle:6 relevant fixed versions and status.

During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Out-of-Bounds Affecting firefox package, versions <0:52.1.0-2.0.1.el6_9

Severity

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 11 Jun 2018

How to fix?

NVD Description

References