9.8

CVE-2017-5433

Exploit

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Data is provided by the National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
MozillaFirefox Version < 53.0
MozillaFirefox Version52.0
MozillaFirefox ESR Version < 45.9.0
MozillaThunderbird Version < 52.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.02% 0.83
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://www.securitytracker.com/id/1038320
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/97940
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1347168
Patch
Vendor Advisory
Exploit
Issue Tracking