csaf_opensuse - opensuse-su-2017:0354-1

Vulnerability from csaf_opensuse

Published

2017-02-01 17:54

Modified

2017-02-01 17:54

Summary

Security update for MozillaThunderbird

Notes

Title of the patch

Security update for MozillaThunderbird

Description of the patch

This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-03 were fixed (boo#1021991) In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts: - CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814) - CVE-2017-5376: Use-after-free in XSL (boo#1021817) - CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818) - CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819) - CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820) - CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821) - CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822) - CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824) The following non-security bugs were fixed: - Message preview pane non-functional after IMAP folder was renamed or moved - 'Move To' button on 'Search Messages' panel not working - Message sent to 'undisclosed recipients' shows no recipient (non-functional since Thunderbird version 38)

Patchnames

openSUSE-2017-188

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for MozillaThunderbird",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs.\n\nThe following security issues from advisory MFSA 2017-03 were fixed (boo#1021991)\nIn general, these flaws cannot be exploited through email in\nThunderbird because scripting is disabled when reading mail,\nbut are potentially risks in browser or browser-like contexts:\n\n- CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (boo#1021814)\n- CVE-2017-5376: Use-after-free in XSL (boo#1021817)\n- CVE-2017-5378: Pointer and frame data leakage of Javascript objects (boo#1021818)\n- CVE-2017-5380: Potential use-after-free during DOM manipulations (boo#1021819)\n- CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (boo#1021820)\n- CVE-2017-5396: Use-after-free with Media Decoder (boo#1021821)\n- CVE-2017-5383: Location bar spoofing with unicode characters (boo#1021822)\n- CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7 (boo#1021824)\n\nThe following non-security bugs were fixed:\n\n- Message preview pane non-functional after IMAP folder was renamed or moved\n- \u0027Move To\u0027 button on \u0027Search Messages\u0027 panel not working\n- Message sent to \u0027undisclosed recipients\u0027 shows no recipient\n  (non-functional since Thunderbird version 38)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2017-188",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_0354-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021814",
        "url": "https://bugzilla.suse.com/1021814"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021817",
        "url": "https://bugzilla.suse.com/1021817"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021818",
        "url": "https://bugzilla.suse.com/1021818"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021819",
        "url": "https://bugzilla.suse.com/1021819"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021820",
        "url": "https://bugzilla.suse.com/1021820"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021821",
        "url": "https://bugzilla.suse.com/1021821"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021822",
        "url": "https://bugzilla.suse.com/1021822"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021824",
        "url": "https://bugzilla.suse.com/1021824"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1021991",
        "url": "https://bugzilla.suse.com/1021991"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5373 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5373/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5375 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5375/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5376 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5376/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5378 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5378/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5380 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5380/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5383 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5383/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5390 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5390/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5396 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5396/"
      }
    ],
    "title": "Security update for MozillaThunderbird",
    "tracking": {
      "current_release_date": "2017-02-01T17:54:52Z",
      "generator": {
        "date": "2017-02-01T17:54:52Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2017:0354-1",
      "initial_release_date": "2017-02-01T17:54:52Z",
      "revision_history": [
        {
          "date": "2017-02-01T17:54:52Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-45.7.0-23.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-45.7.0-23.1.aarch64",
                  "product_id": "MozillaThunderbird-45.7.0-23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
                  "product_id": "MozillaThunderbird-devel-45.7.0-23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
                  "product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-45.7.0-23.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-45.7.0-23.1.s390x",
                  "product_id": "MozillaThunderbird-45.7.0-23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
                  "product_id": "MozillaThunderbird-devel-45.7.0-23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
                  "product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
                "product": {
                  "name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
                  "product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "MozillaThunderbird-45.7.0-23.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-45.7.0-23.1.x86_64",
                  "product_id": "MozillaThunderbird-45.7.0-23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
                  "product_id": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
                  "product_id": "MozillaThunderbird-devel-45.7.0-23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
                "product": {
                  "name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
                  "product_id": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12",
                "product": {
                  "name": "SUSE Package Hub 12",
                  "product_id": "SUSE Package Hub 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-45.7.0-23.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x"
        },
        "product_reference": "MozillaThunderbird-45.7.0-23.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-45.7.0-23.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-devel-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-devel-45.7.0-23.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-devel-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x"
        },
        "product_reference": "MozillaThunderbird-devel-45.7.0-23.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-devel-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-devel-45.7.0-23.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64"
        },
        "product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x"
        },
        "product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64 as component of SUSE Package Hub 12",
          "product_id": "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        },
        "product_reference": "MozillaThunderbird-translations-other-45.7.0-23.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5373",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5373"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5373",
          "url": "https://www.suse.com/security/cve/CVE-2017-5373"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021824 for CVE-2017-5373",
          "url": "https://bugzilla.suse.com/1021824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021991 for CVE-2017-5373",
          "url": "https://bugzilla.suse.com/1021991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-02-01T17:54:52Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5373"
    },
    {
      "cve": "CVE-2017-5375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5375",
          "url": "https://www.suse.com/security/cve/CVE-2017-5375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021814 for CVE-2017-5375",
          "url": "https://bugzilla.suse.com/1021814"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021991 for CVE-2017-5375",
          "url": "https://bugzilla.suse.com/1021991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-02-01T17:54:52Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5375"
    },
    {
      "cve": "CVE-2017-5376",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5376"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5376",
          "url": "https://www.suse.com/security/cve/CVE-2017-5376"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021817 for CVE-2017-5376",
          "url": "https://bugzilla.suse.com/1021817"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021991 for CVE-2017-5376",
          "url": "https://bugzilla.suse.com/1021991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-02-01T17:54:52Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5376"
    },
    {
      "cve": "CVE-2017-5378",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5378"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object\u0027s address can be discovered through hash codes, and also allows for data leakage of an object\u0027s content using these hash codes. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5378",
          "url": "https://www.suse.com/security/cve/CVE-2017-5378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021818 for CVE-2017-5378",
          "url": "https://bugzilla.suse.com/1021818"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021991 for CVE-2017-5378",
          "url": "https://bugzilla.suse.com/1021991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-02-01T17:54:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-5378"
    },
    {
      "cve": "CVE-2017-5380",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5380"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5380",
          "url": "https://www.suse.com/security/cve/CVE-2017-5380"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021819 for CVE-2017-5380",
          "url": "https://bugzilla.suse.com/1021819"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021991 for CVE-2017-5380",
          "url": "https://bugzilla.suse.com/1021991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-02-01T17:54:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-5380"
    },
    {
      "cve": "CVE-2017-5383",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5383"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5383",
          "url": "https://www.suse.com/security/cve/CVE-2017-5383"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021822 for CVE-2017-5383",
          "url": "https://bugzilla.suse.com/1021822"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021991 for CVE-2017-5383",
          "url": "https://bugzilla.suse.com/1021991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-02-01T17:54:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-5383"
    },
    {
      "cve": "CVE-2017-5390",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5390"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5390",
          "url": "https://www.suse.com/security/cve/CVE-2017-5390"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021820 for CVE-2017-5390",
          "url": "https://bugzilla.suse.com/1021820"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021991 for CVE-2017-5390",
          "url": "https://bugzilla.suse.com/1021991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-02-01T17:54:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-5390"
    },
    {
      "cve": "CVE-2017-5396",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5396"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
          "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5396",
          "url": "https://www.suse.com/security/cve/CVE-2017-5396"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021821 for CVE-2017-5396",
          "url": "https://bugzilla.suse.com/1021821"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1021991 for CVE-2017-5396",
          "url": "https://bugzilla.suse.com/1021991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-buildsymbols-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-devel-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-common-45.7.0-23.1.x86_64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.aarch64",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.s390x",
            "SUSE Package Hub 12:MozillaThunderbird-translations-other-45.7.0-23.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-02-01T17:54:52Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-5396"
    }
  ]
}

CVE-2017-5390 (GCVE-0-2017-5390)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2017-03/	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2017-02/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-22	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1297361	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-3832	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/201702-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3771	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1037693	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2017-01/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0190.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0238.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95769	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 45.7

	Mozilla	Firefox ESR	Version: unspecified < 45.7
	Mozilla	Firefox	Version: unspecified < 51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.774Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
          },
          {
            "name": "GLSA-201702-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1297361"
          },
          {
            "name": "DSA-3832",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3832"
          },
          {
            "name": "GLSA-201702-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-13"
          },
          {
            "name": "DSA-3771",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3771"
          },
          {
            "name": "1037693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
          },
          {
            "name": "RHSA-2017:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
          },
          {
            "name": "RHSA-2017:0238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
          },
          {
            "name": "95769",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95769"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "51",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure communication methods in Developer Tools JSON viewer",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
        },
        {
          "name": "GLSA-201702-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1297361"
        },
        {
          "name": "DSA-3832",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3832"
        },
        {
          "name": "GLSA-201702-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-13"
        },
        {
          "name": "DSA-3771",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3771"
        },
        {
          "name": "1037693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
        },
        {
          "name": "RHSA-2017:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
        },
        {
          "name": "RHSA-2017:0238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
        },
        {
          "name": "95769",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95769"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5390",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "51"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure communication methods in Developer Tools JSON viewer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
            },
            {
              "name": "GLSA-201702-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-22"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1297361",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1297361"
            },
            {
              "name": "DSA-3832",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3832"
            },
            {
              "name": "GLSA-201702-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-13"
            },
            {
              "name": "DSA-3771",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3771"
            },
            {
              "name": "1037693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037693"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
            },
            {
              "name": "RHSA-2017:0190",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
            },
            {
              "name": "RHSA-2017:0238",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
            },
            {
              "name": "95769",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95769"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5390",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5375 (GCVE-0-2017-5375)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2017-03/	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2017-02/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-22	vendor-advisory, x_refsource_GENTOO
	https://www.exploit-db.com/exploits/42327/	exploit, x_refsource_EXPLOIT-DB
	https://www.debian.org/security/2017/dsa-3832	vendor-advisory, x_refsource_DEBIAN
	https://www.exploit-db.com/exploits/44293/	exploit, x_refsource_EXPLOIT-DB
	https://security.gentoo.org/glsa/201702-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3771	vendor-advisory, x_refsource_DEBIAN
	https://www.exploit-db.com/exploits/44294/	exploit, x_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1037693	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2017-01/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0190.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0238.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95757	vdb-entry, x_refsource_BID
	https://bugzilla.mozilla.org/show_bug.cgi?id=1325200	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 45.7

	Mozilla	Firefox ESR	Version: unspecified < 45.7
	Mozilla	Firefox	Version: unspecified < 51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
          },
          {
            "name": "GLSA-201702-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-22"
          },
          {
            "name": "42327",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/42327/"
          },
          {
            "name": "DSA-3832",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3832"
          },
          {
            "name": "44293",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44293/"
          },
          {
            "name": "GLSA-201702-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-13"
          },
          {
            "name": "DSA-3771",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3771"
          },
          {
            "name": "44294",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44294/"
          },
          {
            "name": "1037693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
          },
          {
            "name": "RHSA-2017:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
          },
          {
            "name": "RHSA-2017:0238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
          },
          {
            "name": "95757",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325200"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "51",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Excessive JIT code allocation allows bypass of ASLR and DEP",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
        },
        {
          "name": "GLSA-201702-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-22"
        },
        {
          "name": "42327",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/42327/"
        },
        {
          "name": "DSA-3832",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3832"
        },
        {
          "name": "44293",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44293/"
        },
        {
          "name": "GLSA-201702-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-13"
        },
        {
          "name": "DSA-3771",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3771"
        },
        {
          "name": "44294",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44294/"
        },
        {
          "name": "1037693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
        },
        {
          "name": "RHSA-2017:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
        },
        {
          "name": "RHSA-2017:0238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
        },
        {
          "name": "95757",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325200"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5375",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "51"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Excessive JIT code allocation allows bypass of ASLR and DEP"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
            },
            {
              "name": "GLSA-201702-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-22"
            },
            {
              "name": "42327",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/42327/"
            },
            {
              "name": "DSA-3832",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3832"
            },
            {
              "name": "44293",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44293/"
            },
            {
              "name": "GLSA-201702-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-13"
            },
            {
              "name": "DSA-3771",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3771"
            },
            {
              "name": "44294",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44294/"
            },
            {
              "name": "1037693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037693"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
            },
            {
              "name": "RHSA-2017:0190",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
            },
            {
              "name": "RHSA-2017:0238",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
            },
            {
              "name": "95757",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95757"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325200",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325200"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5375",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5383 (GCVE-0-2017-5383)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2017-03/	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2017-02/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-22	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1323338	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-3832	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/201702-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3771	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1037693	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2017-01/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0190.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0238.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.mozilla.org/show_bug.cgi?id=1324716	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95769	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 45.7

	Mozilla	Firefox ESR	Version: unspecified < 45.7
	Mozilla	Firefox	Version: unspecified < 51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
          },
          {
            "name": "GLSA-201702-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1323338"
          },
          {
            "name": "DSA-3832",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3832"
          },
          {
            "name": "GLSA-201702-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-13"
          },
          {
            "name": "DSA-3771",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3771"
          },
          {
            "name": "1037693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
          },
          {
            "name": "RHSA-2017:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
          },
          {
            "name": "RHSA-2017:0238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1324716"
          },
          {
            "name": "95769",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95769"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "51",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Location bar spoofing with unicode characters",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
        },
        {
          "name": "GLSA-201702-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1323338"
        },
        {
          "name": "DSA-3832",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3832"
        },
        {
          "name": "GLSA-201702-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-13"
        },
        {
          "name": "DSA-3771",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3771"
        },
        {
          "name": "1037693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
        },
        {
          "name": "RHSA-2017:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
        },
        {
          "name": "RHSA-2017:0238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1324716"
        },
        {
          "name": "95769",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95769"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5383",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "51"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Location bar spoofing with unicode characters"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
            },
            {
              "name": "GLSA-201702-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-22"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1323338",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1323338"
            },
            {
              "name": "DSA-3832",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3832"
            },
            {
              "name": "GLSA-201702-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-13"
            },
            {
              "name": "DSA-3771",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3771"
            },
            {
              "name": "1037693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037693"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
            },
            {
              "name": "RHSA-2017:0190",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
            },
            {
              "name": "RHSA-2017:0238",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1324716",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1324716"
            },
            {
              "name": "95769",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95769"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5383",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5378 (GCVE-0-2017-5378)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2017-03/	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2017-02/	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=1312001	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-22	vendor-advisory, x_refsource_GENTOO
	https://bugzilla.mozilla.org/show_bug.cgi?id=1330769	x_refsource_CONFIRM
	https://www.debian.org/security/2017/dsa-3832	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/201702-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3771	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1037693	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2017-01/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0190.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0238.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95769	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 45.7

	Mozilla	Firefox ESR	Version: unspecified < 45.7
	Mozilla	Firefox	Version: unspecified < 51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312001"
          },
          {
            "name": "GLSA-201702-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1330769"
          },
          {
            "name": "DSA-3832",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3832"
          },
          {
            "name": "GLSA-201702-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-13"
          },
          {
            "name": "DSA-3771",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3771"
          },
          {
            "name": "1037693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
          },
          {
            "name": "RHSA-2017:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
          },
          {
            "name": "RHSA-2017:0238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
          },
          {
            "name": "95769",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95769"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "51",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object\u0027s address can be discovered through hash codes, and also allows for data leakage of an object\u0027s content using these hash codes. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Pointer and frame data leakage of Javascript objects",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312001"
        },
        {
          "name": "GLSA-201702-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1330769"
        },
        {
          "name": "DSA-3832",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3832"
        },
        {
          "name": "GLSA-201702-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-13"
        },
        {
          "name": "DSA-3771",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3771"
        },
        {
          "name": "1037693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
        },
        {
          "name": "RHSA-2017:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
        },
        {
          "name": "RHSA-2017:0238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
        },
        {
          "name": "95769",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95769"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5378",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "51"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object\u0027s address can be discovered through hash codes, and also allows for data leakage of an object\u0027s content using these hash codes. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Pointer and frame data leakage of Javascript objects"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312001",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1312001"
            },
            {
              "name": "GLSA-201702-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-22"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1330769",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1330769"
            },
            {
              "name": "DSA-3832",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3832"
            },
            {
              "name": "GLSA-201702-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-13"
            },
            {
              "name": "DSA-3771",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3771"
            },
            {
              "name": "1037693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037693"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
            },
            {
              "name": "RHSA-2017:0190",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
            },
            {
              "name": "RHSA-2017:0238",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
            },
            {
              "name": "95769",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95769"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5378",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5376 (GCVE-0-2017-5376)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2017-03/	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2017-02/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-22	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/bid/95758	vdb-entry, x_refsource_BID
	https://www.debian.org/security/2017/dsa-3832	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.mozilla.org/show_bug.cgi?id=1311687	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3771	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1037693	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2017-01/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0190.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0238.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 45.7

	Mozilla	Firefox ESR	Version: unspecified < 45.7
	Mozilla	Firefox	Version: unspecified < 51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
          },
          {
            "name": "GLSA-201702-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-22"
          },
          {
            "name": "95758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95758"
          },
          {
            "name": "DSA-3832",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3832"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1311687"
          },
          {
            "name": "GLSA-201702-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-13"
          },
          {
            "name": "DSA-3771",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3771"
          },
          {
            "name": "1037693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
          },
          {
            "name": "RHSA-2017:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
          },
          {
            "name": "RHSA-2017:0238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "51",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free in XSL",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
        },
        {
          "name": "GLSA-201702-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-22"
        },
        {
          "name": "95758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95758"
        },
        {
          "name": "DSA-3832",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3832"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1311687"
        },
        {
          "name": "GLSA-201702-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-13"
        },
        {
          "name": "DSA-3771",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3771"
        },
        {
          "name": "1037693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
        },
        {
          "name": "RHSA-2017:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
        },
        {
          "name": "RHSA-2017:0238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5376",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "51"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free in XSL"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
            },
            {
              "name": "GLSA-201702-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-22"
            },
            {
              "name": "95758",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95758"
            },
            {
              "name": "DSA-3832",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3832"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1311687",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1311687"
            },
            {
              "name": "GLSA-201702-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-13"
            },
            {
              "name": "DSA-3771",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3771"
            },
            {
              "name": "1037693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037693"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
            },
            {
              "name": "RHSA-2017:0190",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
            },
            {
              "name": "RHSA-2017:0238",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5376",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5373 (GCVE-0-2017-5373)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2017-03/	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2017-02/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-22	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3832	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/95762	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201702-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3771	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1037693	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2017-01/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0190.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0238.html	vendor-advisory, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 45.7

	Mozilla	Firefox ESR	Version: unspecified < 45.7
	Mozilla	Firefox	Version: unspecified < 51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
          },
          {
            "name": "GLSA-201702-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-22"
          },
          {
            "name": "DSA-3832",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3832"
          },
          {
            "name": "95762",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95762"
          },
          {
            "name": "GLSA-201702-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-13"
          },
          {
            "name": "DSA-3771",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3771"
          },
          {
            "name": "1037693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
          },
          {
            "name": "RHSA-2017:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
          },
          {
            "name": "RHSA-2017:0238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "51",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
        },
        {
          "name": "GLSA-201702-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-22"
        },
        {
          "name": "DSA-3832",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3832"
        },
        {
          "name": "95762",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95762"
        },
        {
          "name": "GLSA-201702-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-13"
        },
        {
          "name": "DSA-3771",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3771"
        },
        {
          "name": "1037693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
        },
        {
          "name": "RHSA-2017:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
        },
        {
          "name": "RHSA-2017:0238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5373",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "51"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
            },
            {
              "name": "GLSA-201702-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-22"
            },
            {
              "name": "DSA-3832",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3832"
            },
            {
              "name": "95762",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95762"
            },
            {
              "name": "GLSA-201702-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-13"
            },
            {
              "name": "DSA-3771",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3771"
            },
            {
              "name": "1037693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037693"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
            },
            {
              "name": "RHSA-2017:0190",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877"
            },
            {
              "name": "RHSA-2017:0238",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5373",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5380 (GCVE-0-2017-5380)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2017-03/	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2017-02/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-22	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3832	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/201702-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3771	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1037693	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2017-01/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0190.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.mozilla.org/show_bug.cgi?id=1322107	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0238.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95769	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 45.7

	Mozilla	Firefox ESR	Version: unspecified < 45.7
	Mozilla	Firefox	Version: unspecified < 51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
          },
          {
            "name": "GLSA-201702-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-22"
          },
          {
            "name": "DSA-3832",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3832"
          },
          {
            "name": "GLSA-201702-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-13"
          },
          {
            "name": "DSA-3771",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3771"
          },
          {
            "name": "1037693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
          },
          {
            "name": "RHSA-2017:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1322107"
          },
          {
            "name": "RHSA-2017:0238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
          },
          {
            "name": "95769",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95769"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "51",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Potential use-after-free during DOM manipulations",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
        },
        {
          "name": "GLSA-201702-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-22"
        },
        {
          "name": "DSA-3832",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3832"
        },
        {
          "name": "GLSA-201702-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-13"
        },
        {
          "name": "DSA-3771",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3771"
        },
        {
          "name": "1037693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
        },
        {
          "name": "RHSA-2017:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1322107"
        },
        {
          "name": "RHSA-2017:0238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
        },
        {
          "name": "95769",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95769"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5380",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "51"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Potential use-after-free during DOM manipulations"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
            },
            {
              "name": "GLSA-201702-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-22"
            },
            {
              "name": "DSA-3832",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3832"
            },
            {
              "name": "GLSA-201702-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-13"
            },
            {
              "name": "DSA-3771",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3771"
            },
            {
              "name": "1037693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037693"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
            },
            {
              "name": "RHSA-2017:0190",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1322107",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1322107"
            },
            {
              "name": "RHSA-2017:0238",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
            },
            {
              "name": "95769",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95769"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5380",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5396 (GCVE-0-2017-5396)

Vulnerability from cvelistv5

Published

2018-06-11 21:00

Modified

2024-08-05 14:55

Severity ?

Summary

A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2017-03/	x_refsource_CONFIRM
	https://www.mozilla.org/security/advisories/mfsa2017-02/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-22	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3832	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/201702-13	vendor-advisory, x_refsource_GENTOO
	https://www.debian.org/security/2017/dsa-3771	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1037693	vdb-entry, x_refsource_SECTRACK
	https://www.mozilla.org/security/advisories/mfsa2017-01/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0190.html	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.mozilla.org/show_bug.cgi?id=1329403	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0238.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95769	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

▼

Mozilla

Thunderbird

Version: unspecified < 45.7

	Mozilla	Firefox ESR	Version: unspecified < 45.7
	Mozilla	Firefox	Version: unspecified < 51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
          },
          {
            "name": "GLSA-201702-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-22"
          },
          {
            "name": "DSA-3832",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3832"
          },
          {
            "name": "GLSA-201702-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-13"
          },
          {
            "name": "DSA-3771",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3771"
          },
          {
            "name": "1037693",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
          },
          {
            "name": "RHSA-2017:0190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1329403"
          },
          {
            "name": "RHSA-2017:0238",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
          },
          {
            "name": "95769",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95769"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "45.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "51",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free with Media Decoder",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
        },
        {
          "name": "GLSA-201702-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-22"
        },
        {
          "name": "DSA-3832",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3832"
        },
        {
          "name": "GLSA-201702-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-13"
        },
        {
          "name": "DSA-3771",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3771"
        },
        {
          "name": "1037693",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
        },
        {
          "name": "RHSA-2017:0190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1329403"
        },
        {
          "name": "RHSA-2017:0238",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
        },
        {
          "name": "95769",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95769"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5396",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox ESR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "45.7"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "51"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird \u003c 45.7, Firefox ESR \u003c 45.7, and Firefox \u003c 51."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free with Media Decoder"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
            },
            {
              "name": "GLSA-201702-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-22"
            },
            {
              "name": "DSA-3832",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3832"
            },
            {
              "name": "GLSA-201702-13",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-13"
            },
            {
              "name": "DSA-3771",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3771"
            },
            {
              "name": "1037693",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037693"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
            },
            {
              "name": "RHSA-2017:0190",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1329403",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1329403"
            },
            {
              "name": "RHSA-2017:0238",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
            },
            {
              "name": "95769",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95769"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5396",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_opensuse

CVE-2017-5390 (GCVE-0-2017-5390)

Vulnerability from cvelistv5

CVE-2017-5375 (GCVE-0-2017-5375)

Vulnerability from cvelistv5

CVE-2017-5383 (GCVE-0-2017-5383)

Vulnerability from cvelistv5

CVE-2017-5378 (GCVE-0-2017-5378)

Vulnerability from cvelistv5

CVE-2017-5376 (GCVE-0-2017-5376)

Vulnerability from cvelistv5

CVE-2017-5373 (GCVE-0-2017-5373)

Vulnerability from cvelistv5

CVE-2017-5380 (GCVE-0-2017-5380)

Vulnerability from cvelistv5

CVE-2017-5396 (GCVE-0-2017-5396)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature