#VU5929 Use-after-free in Mozilla Firefox
Vulnerability identifier: #VU5929
Vulnerability risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Mozilla Firefox
Client/Desktop applications /
Web browsers
Vendor: Mozilla
Description
The vulnerability allows a remote attacker to cause denial of service attack.
The vulnerability exists due to use-after-free error during buffer storage operations within the ANGLE graphics library, used for WebGL content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and cause denial of service attack.
Successful exploitation of the vulnerability may allow an attacker to crash the victim’s browser.
Mitigation
Update to Firefox 52.
Vulnerable software versions
Mozilla Firefox: 50.0 - 51.0.3
External links
http://www.mozilla.org/en-US/security/advisories/mfsa2017-05/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
