Back to search
CVE-2017-5448
Published: Jun 11, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
| Vendor | Product | Versions |
|---|---|---|
Mozilla | Firefox ESR | affected unspecified - < 45.9affected unspecified - < 52.1 |
Mozilla | Firefox | affected unspecified - < 53 |
References
RHSA-2017:1106
vendor-advisory
x_refsource_REDHAT
https://www.mozilla.org/security/advisories/mfsa2017-12/
x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2017-11/
x_refsource_CONFIRM
https://www.mozilla.org/security/advisories/mfsa2017-10/
x_refsource_CONFIRM
97940
vdb-entry
x_refsource_BID
DSA-3831
vendor-advisory
x_refsource_DEBIAN
1038320
vdb-entry
x_refsource_SECTRACK
RHSA-2017:1104
vendor-advisory
x_refsource_REDHAT
https://bugzilla.mozilla.org/show_bug.cgi?id=1346648
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now