ByteOS Network

Vulnerability Details :

CVE-2017-5406

Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe

Published At-11 Jun, 2018 | 21:00

Updated At-05 Aug, 2024 | 14:55

A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mozilla

Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe

Published At:11 Jun, 2018 | 21:00

Updated At:05 Aug, 2024 | 14:55

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Mozilla Corporation

Product

Firefox

Versions

Affected

From unspecified before 52 (custom)

Vendor

Mozilla Corporation

Product

Thunderbird

Versions

Affected

From unspecified before 52 (custom)

Problem Types

Type	CWE ID	Description
text	N/A	Segmentation fault in Skia with canvas operations

Type: text

CWE ID: N/A

Description: Segmentation fault in Skia with canvas operations

References

Hyperlink	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1306890	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2017-09/	x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2017-05/	x_refsource_CONFIRM
http://www.securitytracker.com/id/1037966	vdb-entry x_refsource_SECTRACK
http://www.securityfocus.com/bid/96692	vdb-entry x_refsource_BID

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1306890

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-09/

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-05/

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securitytracker.com/id/1037966

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://www.securityfocus.com/bid/96692

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1306890	x_refsource_CONFIRM x_transferred
https://www.mozilla.org/security/advisories/mfsa2017-09/	x_refsource_CONFIRM x_transferred
https://www.mozilla.org/security/advisories/mfsa2017-05/	x_refsource_CONFIRM x_transferred
http://www.securitytracker.com/id/1037966	vdb-entry x_refsource_SECTRACK x_transferred
http://www.securityfocus.com/bid/96692	vdb-entry x_refsource_BID x_transferred

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1306890

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-09/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2017-05/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securitytracker.com/id/1037966

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: http://www.securityfocus.com/bid/96692

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@mozilla.org

Published At:11 Jun, 2018 | 21:29

Updated At:07 Aug, 2018 | 11:40

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.0

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

Mozilla Corporation

>>firefox>>Versions before 52.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>Versions before 52.0(exclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov