Lucene search
AnonymousZDI-17-320HistoryMay 03, 2017 - 12:00 a.m.
Mozilla Firefox ClearKeyDecryptor Integer Overflow Remote Code Execution Vulnerability
2017-05-0300:00:00
Anonymous
www.zerodayinitiative.com
35
0.011 Low
EPSS
Percentile
84.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ClearKey encrypted media. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute arbitrary code under the context of the plugin-container container process.
Related
cve
cve
CVE-2017-5448
2018-06-11 21:29:06
debiancve
debiancve
CVE-2017-5448
2018-06-11 21:29:06
redhatcve
redhatcve
CVE-2017-5448
2017-04-20 06:18:51
cvelist
cvelist
CVE-2017-5448
2018-06-11 21:00:00
veracode
veracode
Out-of-bounds Write
2019-05-02 06:10:07
ubuntucve
ubuntucve
CVE-2017-5448
2017-04-20 00:00:00
prion
prion
Design/Logic Flaw
2018-06-11 21:29:00
nvd
nvd
CVE-2017-5448
2018-06-11 21:29:06
suse
suse
Security update for Mozilla Firefox (important)
2017-04-25 00:08:46
Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (important)
2017-05-11 21:15:07
Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (important)
2017-05-04 15:13:58
nessus
nessus
openSUSE Security Update : Mozilla Firefox (openSUSE-2017-509)
2017-04-25 00:00:00
Debian DSA-3831-1 : firefox-esr - security update
2017-04-20 00:00:00
Mozilla Firefox ESR < 52.1 Multiple Vulnerabilities
2017-04-21 00:00:00
openvas
openvas
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:1099-1)
2017-04-25 00:00:00
CentOS Update for firefox CESA-2017:1104 centos6
2017-04-21 00:00:00
oraclelinux
oraclelinux
firefox security update
2017-04-20 00:00:00
firefox security update
2017-04-20 00:00:00
ibm
ibm
mageia
mageia
Updated firefox packages fix security vulnerability
2017-04-28 01:21:29
Updated iceape packages fix security vulnerabilities
2018-01-02 14:48:29
debian
debian
[SECURITY] [DSA 3831-1] firefox-esr security update
2017-04-19 22:40:29
[SECURITY] [DLA 906-1] firefox-esr security update
2017-04-21 17:26:13
osv
osv
firefox-esr - security update
2017-04-20 00:00:00
firefox-esr - security update
2017-04-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 45.9.0-alt1
2017-04-20 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla
2017-04-19 00:00:00
Security vulnerabilities fixed in Firefox ESR 52.1 — Mozilla
2017-04-19 00:00:00
Security vulnerabilities fixed in Firefox 53 — Mozilla
2017-04-19 00:00:00
centos
centos
firefox security update
2017-04-20 22:44:21
firefox security update
2017-04-20 23:21:25
redhat
redhat
(RHSA-2017:1104) Critical: firefox security update
2017-04-20 06:59:53
(RHSA-2017:1106) Critical: firefox security update
2017-04-20 08:50:13
ubuntu
ubuntu
Firefox regression
2017-05-11 00:00:00
Firefox vulnerabilities
2017-04-21 00:00:00
archlinux
archlinux
[ASA-201704-6] firefox: multiple issues
2017-04-21 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2017-04-19 00:00:00
kaspersky
kaspersky
KLA11004 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
2017-04-19 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple vulnerabilities
2018-02-20 00:00:00