CVE-2017-5411
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Puede ocurrir un uso de memoria previamente liberada durante las operaciones de almacenamiento de búfer en la biblioteca de gráficos ANGLE, empleada para el contenido WebGL. El almacenamiento de búfer puede liberarse mientras sigue en uso en algunas circunstancias, lo que conduce a un cierre inesperado potencialmente explotable. Nota: Este problema está presente en "libGLES", que solo está en uso en Windows. Otros sistemas operativos no se han visto afectados. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 52.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-01-13 CVE Reserved
- 2018-06-11 CVE Published
- 2023-11-02 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96692 | Third Party Advisory | |
http://www.securitytracker.com/id/1037966 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1325511 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2017-05 | 2018-08-02 | |
https://www.mozilla.org/security/advisories/mfsa2017-09 | 2018-08-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 52.0 Search vendor "Mozilla" for product "Firefox" and version " < 52.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 52.0 Search vendor "Mozilla" for product "Thunderbird" and version " < 52.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|