CVE-2017-5418
Published: 7 March 2017
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
precise |
Released
(52.0+build2-0ubuntu0.12.04.1)
|
trusty |
Released
(52.0+build2-0ubuntu0.14.04.1)
|
|
upstream |
Released
(52.0)
|
|
xenial |
Released
(52.0+build2-0ubuntu0.16.04.1)
|
|
yakkety |
Released
(52.0+build2-0ubuntu0.16.10.1)
|
|
zesty |
Released
(52.0.1+build2-0ubuntu1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |