Mozilla Foundation Security Advisory 2017-08

integer overflow in createImageBitmap()

Announced
March 17, 2017
Impact
critical
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 52.0.1
  • Firefox ESR 52.0.1

#CVE-2017-5428: integer overflow in createImageBitmap()

Reporter
Chaitin Security Research Lab via Trend Micro's Zero Day Initiative
Impact
critical
Description

An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer.

References