cvedb.io
CVE-2017-5428
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-06-11T21:29:05.453 · Last modified 2026-06-17T01:20:27.897

Summary

An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

Affected products

redhat — enterprise_linux

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.