CVE-2017-7813
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56.
Dentro del analizador JavaScript, el retorno de un entero a un tipo más estrecho puede resultar en que los datos leídos desde fuera del búfer sean analizados. Esto generalmente resulta en un cierre inesperado no explotable, pero puede filtrar una cantidad limitada de información de la memoria si coincide con la sintaxis del identificador JavaScript. Esta vulnerabilidad afecta a las versiones anteriores a la 56 de Firefox.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-12 CVE Reserved
- 2017-10-03 CVE Published
- 2023-11-02 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
- CWE-704: Incorrect Type Conversion or Cast
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/101057 | Third Party Advisory | |
http://www.securitytracker.com/id/1039465 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1383951 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2017-21 | 2019-10-03 |