HTTP: Mozilla Firefox createImageBitmap Integer Overflow
This signature detects attempts to exploit a known integer overflow vulnerability against Mozilla Firefox. Successful exploitation could lead to information disclosure or potential remote code execution in the security context of the target user.
Extended Description
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.
Affected Products
Mozilla firefox
Short Name
HTTP:STC:CREATE-IMAGE-BITMAP-CE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-5428 Firefox Integer Mozilla Overflow createImageBitmap
Release Date
04/18/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3601
False Positive
Unknown
Vendors
Mozilla
Redhat
CVSS Score
7.5