CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 97.6%
Severity: Critical
Date : 2017-04-21
CVE-ID : CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433
CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437
CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441
CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445
CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449
CVE-2017-5451 CVE-2017-5453 CVE-2017-5454 CVE-2017-5455
CVE-2017-5456 CVE-2017-5458 CVE-2017-5459 CVE-2017-5460
CVE-2017-5461 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466
CVE-2017-5467 CVE-2017-5468 CVE-2017-5469
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-249
The package firefox before version 53.0-1 is vulnerable to multiple
issues including arbitrary code execution, cross-site scripting, access
restriction bypass, arbitrary filesystem access, denial of service,
information disclosure and content spoofing.
Upgrade to 53.0-1.
The problems have been fixed upstream in version 53.0.
Workaround: None.
Mozilla developers and community members Christian Holler, Jon
Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob
Clary, and Chris Peterson reported memory safety bugs present in
Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs
showed evidence of memory corruption and we presume that with enough
effort some of these could be exploited to run arbitrary code.
Mozilla developers and community members Christian Holler, Jon
Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup,
Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs
present in Firefox 52 and Firefox ESR 52. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort
some of these could be exploited to run arbitrary code.
A use-after-free vulnerability has been found in Firefox < 53. It
occurs during certain text input selection and results in a potentially
exploitable crash.
A use-after-free vulnerability has been found in Firefox < 53. It
occurs in SMIL animation functions when pointers to animation elements
in an array are dropped from the animation controller while still in
use. This results in a potentially exploitable crash.
A use-after-free vulnerability has been found in Firefox < 53. It
occurs when redirecting focus handling and results in a potentially
exploitable crash.
A use-after-free vulnerability has been found in Firefox < 53. It
occurs during transaction processing in the editor during design mode
interactions and results in a potentially exploitable crash.
An out-of-bounds write has been found in the Graphite 2 library,
triggered with a maliciously crafted Graphite font. This results in a
potentially exploitable crash. This issue was fixed in the Graphite 2
library as well as Mozilla products.
Three vulnerabilities were reported in the Libevent library that allow
for out-of-bounds reads and denial of service (DoS) attacks:
CVE-2016-10195, CVE-2016-10196, and CVE-2016-10197. These were fixed in
the Libevent library and these changes were ported to Mozilla code in
Firefox 53.
A use-after-free vulnerability has been found in Firefox < 53, during
XSLT processing due to the result handler being held by a freed handler
during handling. This results in a potentially exploitable crash.
A use-after-free vulnerability has been found in Firefox < 53, during
XSLT processing due to poor handling of template parameters. This
results in a potentially exploitable crash.
A use-after-free vulnerability has been found in Firefox < 53, during
XSLT processing due to a failure to propagate error conditions during
matching while evaluating context, leading to objects being used when
they no longer exist. This results in a potentially exploitable crash.
A use-after-free vulnerability when holding a selection during scroll
events has been found in Firefox < 53. This results in a potentially
exploitable crash.
A use-after-free vulnerability during changes in style when
manipulating DOM elements has been found in Firefox < 53. This results
in a potentially exploitable crash.
An out-of-bounds write vulnerability has been found in Firefox < 53,
while decoding improperly formed BinHex format archives.
A buffer overflow vulnerability has been found in Firefox < 53, while
parsing application/http-index-format format content when the header
contains improperly formatted data. This allows for an out-of-bounds
read of data from memory.
A vulnerability has been found in Firefox < 53, while parsing
application/http-index-format format content where uninitialized values
are used to create an array. This could allow the reading of
uninitialized memory into the arrays affected.
An out-of-bounds read has been found in Firefox < 53, when an HTTP/2
connection to a server sends DATA frames with incorrect data content.
This leads to a potentially exploitable crash.
An out-of-bounds read has been found in Firefox < 53, during the
processing of glyph widths while rendering text layout. This results in
a potentially exploitable crash and could allow an attacker to read
otherwise inaccessible memory.
A security issue has been found in Firefox < 53: an out-of-bounds write
in ClearKeyDecryptor while decrypting some Clearkey-encrypted media
content. The ClearKeyDecryptor code runs within the Gecko Media Plugin
(GMP) sandbox. If a second mechanism is found to escape the sandbox,
this vulnerability allows for the writing of arbitrary data within
memory, resulting in a potentially exploitable crash.
A possibly exploitable crash has been found in Firefox < 53, triggered
during layout and manipulation of bidirectional unicode text in concert
with CSS animations.
A security issue has been found in Firefox < 53 that allows the
addressbar to be spoofed through user interaction with the addressbar
and the onblur event. The event could be used by script to affect text
display to make the loaded site appear to be different from the one
actually loaded within the addressbar.
A security issue has been found in Firefox < 53 that allows static HTML
to be injected into the RSS reader preview page due to a failure to
escape characters sent as URL parameters for a feed's TITLE element.
This vulnerability allows for spoofing but no scripted content can be
run.
A security issue has been found in Firefox < 53 that allows file system
access protections in the sandbox to be bypassed: through the use of
relative paths, the file picker can be used to access different files
than those selected in the file picker. This allows for read-only
access to the local file system.
A security issue has been found in Firefox < 53. The internal feed
reader APIs that crossed the sandbox barrier allowed for a sandbox
escape and escalation of privilege if combined with another
vulnerability that resulted in remote code execution inside the
sandboxed process.
A security issue has been found in Firefox < 53 that allows file system
access protections in the sandbox to be bypassed using the file system
request constructor through an IPC message. This allows for read and
write access to the local file system.
An issue has been found in Firefox < 53. When a javascript: URL is
dragged and dropped by a user into the addressbar, the URL will be
processed and executed. This allows for users to be socially engineered
to execute an XSS attack on themselves.
A buffer overflow has been found in the WebGL part of Firefox < 53.
It’s triggerable by web content, resulting in a potentially exploitable
crash.
A use-after-free vulnerability has been found in Firefox < 53. It’s
located in frame selection, triggered by a combination of malicious
script content and key presses by a user. This results in a potentially
exploitable crash.
An out-of-bounds write during Base64 decoding operation has been found
in the Network Security Services (NSS) library due to insufficient
memory being allocated to the buffer.
An attacker could use this flaw to create a specially crafted
certificate which, when parsed by NSS, could cause it to crash or
execute arbitrary code, using the permissions of the user running an
application compiled against the NSS library. The issue has been fixed
in releases 3.29.5 and 3.30.1.
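The bug class described above (a Base64 decoder writing into a buffer that was sized too small) is avoided by computing the output bound without arithmetic wraparound and checking capacity before every write. The following is an added example, not code from NSS or from this advisory; the function names b64_max_decoded_len and b64_decode are hypothetical and the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on decoded bytes for in_len Base64 characters.
 * Dividing before multiplying cannot wrap; the naive in_len * 3 / 4 can. */
size_t b64_max_decoded_len(size_t in_len)
{
    return (in_len / 4 + (in_len % 4 != 0)) * 3;
}

static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;                        /* includes '=' outside the padding slot */
}

/* Decode padded Base64 into out (capacity out_cap).
 * Returns bytes written, or -1 for malformed input or a too-small buffer. */
long b64_decode(const char *in, size_t in_len, unsigned char *out, size_t out_cap)
{
    size_t pad = 0, need, o = 0;

    if (in_len % 4 != 0)
        return -1;
    if (in_len >= 4 && in[in_len - 1] == '=') pad++;
    if (pad == 1 && in[in_len - 2] == '=') pad++;

    need = b64_max_decoded_len(in_len) - pad;   /* exact size for padded input */
    if (need > out_cap)
        return -1;                    /* refuse before writing anything */

    for (size_t i = 0; i < in_len; i += 4) {
        int last = (i + 4 == in_len);
        size_t n = last ? 3 - pad : 3;          /* bytes this group produces */
        uint32_t w = 0;
        for (size_t k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];
            int v = (last && k >= 4 - pad && c == '=') ? 0 : b64_val(c);
            if (v < 0)
                return -1;
            w = (w << 6) | (uint32_t)v;
        }
        if (n > out_cap - o)
            return -1;                /* per-write bound, independent of the estimate */
        for (size_t k = 0; k < n; k++)
            out[o++] = (unsigned char)(w >> (16 - 8 * k));
    }
    return (long)o;
}

int main(void)
{
    unsigned char buf[8];
    const char *sample = "TWFu";      /* constructed sample, decodes to "Man" */
    long n = b64_decode(sample, strlen(sample), buf, sizeof buf);
    printf("decoded %ld bytes\n", n);
    return n == 3 ? 0 : 1;
}
```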
A security issue has been found in Firefox < 53. During DOM
manipulations of the accessibility tree through script, the DOM tree
can become out of sync with the accessibility tree, leading to memory
corruption and a potentially exploitable crash.
An out-of-bounds read has been found in Firefox < 53, while processing
SVG content in ConvolvePixel. This results in a crash and also allows
for otherwise inaccessible memory being copied into SVG graphic
content, which could then be displayed.
An origin confusion issue has been found in Firefox < 53. If a page is
loaded from an original site through a hyperlink and contains a
redirect to a data:text/html URL, triggering a reload will run the
reloaded data:text/html page with its origin set incorrectly. This
allows for a cross-site scripting (XSS) attack.
A potential memory corruption and crash has been found in Firefox < 53,
when using Skia content when drawing content outside of the bounds of a
clipping region.
An issue with incorrect ownership model of privateBrowsing information
exposed through developer tools has been found in Firefox < 53. This
can result in a non-exploitable crash when manually triggered during
debugging.
Several potential buffer overflows in generated code, due to the
CVE-2016-6354 issue in Flex, have been fixed in Firefox 53.
A remote attacker can spoof content, bypass access restrictions, access
arbitrary files and sensitive information, crash the application and
execute arbitrary code on the affected host.
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5429
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5430
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5432
https://bugzilla.mozilla.org/show_bug.cgi?id=1346654
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5433
https://bugzilla.mozilla.org/show_bug.cgi?id=1347168
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5434
https://bugzilla.mozilla.org/show_bug.cgi?id=1349946
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5435
https://bugzilla.mozilla.org/show_bug.cgi?id=1350683
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5436
https://bugzilla.mozilla.org/show_bug.cgi?id=1345461
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5437
https://bugzilla.mozilla.org/show_bug.cgi?id=1343453
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5438
https://bugzilla.mozilla.org/show_bug.cgi?id=1336828
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5439
https://bugzilla.mozilla.org/show_bug.cgi?id=1336830
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5440
https://bugzilla.mozilla.org/show_bug.cgi?id=1336832
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5441
https://bugzilla.mozilla.org/show_bug.cgi?id=1343795
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5442
https://bugzilla.mozilla.org/show_bug.cgi?id=1347979
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5443
https://bugzilla.mozilla.org/show_bug.cgi?id=1342661
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5444
https://bugzilla.mozilla.org/show_bug.cgi?id=1344461
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5445
https://bugzilla.mozilla.org/show_bug.cgi?id=1344467
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5446
https://bugzilla.mozilla.org/show_bug.cgi?id=1343505
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5447
https://bugzilla.mozilla.org/show_bug.cgi?id=1343552
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5448
https://bugzilla.mozilla.org/show_bug.cgi?id=1346648
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5449
https://bugzilla.mozilla.org/show_bug.cgi?id=1340127
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5451
https://bugzilla.mozilla.org/show_bug.cgi?id=1273537
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5453
https://bugzilla.mozilla.org/show_bug.cgi?id=1321247
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5454
https://bugzilla.mozilla.org/show_bug.cgi?id=1349276
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5455
https://bugzilla.mozilla.org/show_bug.cgi?id=1341191
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5456
https://bugzilla.mozilla.org/show_bug.cgi?id=1344415
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5458
https://bugzilla.mozilla.org/show_bug.cgi?id=1229426
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5459
https://bugzilla.mozilla.org/show_bug.cgi?id=1333858
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5460
https://bugzilla.mozilla.org/show_bug.cgi?id=1343642
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
https://hg.mozilla.org/projects/nss/rev/ac34db053672
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5464
https://bugzilla.mozilla.org/show_bug.cgi?id=1347075
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5465
https://bugzilla.mozilla.org/show_bug.cgi?id=1347617
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5466
https://bugzilla.mozilla.org/show_bug.cgi?id=1353975
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5467
https://bugzilla.mozilla.org/show_bug.cgi?id=1347262
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5468
https://bugzilla.mozilla.org/show_bug.cgi?id=1329521
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5469
https://bugzilla.mozilla.org/show_bug.cgi?id=1292534
https://security.archlinux.org/CVE-2017-5429
https://security.archlinux.org/CVE-2017-5430
https://security.archlinux.org/CVE-2017-5432
https://security.archlinux.org/CVE-2017-5433
https://security.archlinux.org/CVE-2017-5434
https://security.archlinux.org/CVE-2017-5435
https://security.archlinux.org/CVE-2017-5436
https://security.archlinux.org/CVE-2017-5437
https://security.archlinux.org/CVE-2017-5438
https://security.archlinux.org/CVE-2017-5439
https://security.archlinux.org/CVE-2017-5440
https://security.archlinux.org/CVE-2017-5441
https://security.archlinux.org/CVE-2017-5442
https://security.archlinux.org/CVE-2017-5443
https://security.archlinux.org/CVE-2017-5444
https://security.archlinux.org/CVE-2017-5445
https://security.archlinux.org/CVE-2017-5446
https://security.archlinux.org/CVE-2017-5447
https://security.archlinux.org/CVE-2017-5448
https://security.archlinux.org/CVE-2017-5449
https://security.archlinux.org/CVE-2017-5451
https://security.archlinux.org/CVE-2017-5453
https://security.archlinux.org/CVE-2017-5454
https://security.archlinux.org/CVE-2017-5455
https://security.archlinux.org/CVE-2017-5456
https://security.archlinux.org/CVE-2017-5458
https://security.archlinux.org/CVE-2017-5459
https://security.archlinux.org/CVE-2017-5460
https://security.archlinux.org/CVE-2017-5461
https://security.archlinux.org/CVE-2017-5464
https://security.archlinux.org/CVE-2017-5465
https://security.archlinux.org/CVE-2017-5466
https://security.archlinux.org/CVE-2017-5467
https://security.archlinux.org/CVE-2017-5468
https://security.archlinux.org/CVE-2017-5469