CVE-2017-5435

A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

History

21 Oct 2024, 13:55

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox_esr:52.0:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*

Information

Published : 2018-06-11 21:29

Updated : 2024-10-21 13:55


NVD link : CVE-2017-5435

Mitre link : CVE-2017-5435

CVE.ORG link : CVE-2017-5435


JSON object : View

Products Affected

debian

  • debian_linux

mozilla

  • firefox_esr
  • thunderbird
  • firefox

redhat

  • enterprise_linux_server_aus
  • enterprise_linux_workstation
  • enterprise_linux_server_eus
  • enterprise_linux_server
  • enterprise_linux
  • enterprise_linux_desktop
CWE
CWE-416

Use After Free