CVE-2017-5392
Last modified
CVE-2017-5392 is a vulnerability of currently unknown severity. Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. EPSS estimates a 1.79% chance of exploitation in the next 30 days.
Description
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 51.0 |
References
- http://www.securityfocus.com/bid/95763Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037693Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293709Issue Tracking, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-01/Vendor Advisory
- http://www.securityfocus.com/bid/95763Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037693Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1293709Issue Tracking, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-01/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5392?
How severe is CVE-2017-5392?
How do I fix CVE-2017-5392?
Are you affected by CVE-2017-5392?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST