CVE-2017-5392
Published: 11 June 2018
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(only affects Firefox for Android)
|
| trusty |
Does not exist
(trusty was not-affected [only affects Firefox for Android])
|
|
| upstream |
Released
(51)
|
|
| xenial |
Not vulnerable
(only affects Firefox for Android)
|
|
| yakkety |
Not vulnerable
(only affects Firefox for Android)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Not vulnerable
|
|
| xenial |
Not vulnerable
|
|
| yakkety |
Not vulnerable
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |