FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- integer overflow in createImageBitmap()

Affected packages
firefox < 52.0.1,1

Details

VuXML ID: 5f453b69-abab-4e76-b6e5-2ed0bafcaee3
Discovery: 2017-03-17
Entry: 2017-03-18

The Mozilla Foundation reports:

An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer.

References

CVE Name: CVE-2017-5428
URL: https://www.mozilla.org/security/advisories/mfsa2017-08/