{ "id": "CVE-2017-5411", "sourceIdentifier": "security@mozilla.org", "published": "2018-06-11T21:29:04.640", "lastModified": "2018-08-02T16:21:27.987", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in \"libGLES\", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52." }, { "lang": "es", "value": "Puede ocurrir un uso de memoria previamente liberada durante las operaciones de almacenamiento de b\u00fafer en la biblioteca de gr\u00e1ficos ANGLE, empleada para el contenido WebGL. El almacenamiento de b\u00fafer puede liberarse mientras sigue en uso en algunas circunstancias, lo que conduce a un cierre inesperado potencialmente explotable. Nota: Este problema est\u00e1 presente en \"libGLES\", que solo est\u00e1 en uso en Windows. Otros sistemas operativos no se han visto afectados. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 52." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-416" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding": "52.0", "matchCriteriaId": "6239EC26-A3A1-4FD4-B96F-F47B09C0CA00" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding": "52.0", "matchCriteriaId": "566987B8-698A-4EB8-8380-FA44DB228B81" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/96692", "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1037966", "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325511", "source": "security@mozilla.org", "tags": [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/", "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/", "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ] } ] }