Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR 64-bit

Download Firefox ESR 32-bit

Download a different build

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR
Firefox Privacy Notice
Get Mozilla VPN

Mozilla Foundation Security Advisory 2017-08

integer overflow in createImageBitmap()

Announced
March 17, 2017
Impact
critical
Products
Firefox, Firefox ESR
Fixed in
  • Firefox 52.0.1
  • Firefox ESR 52.0.1

#CVE-2017-5428: integer overflow in createImageBitmap()

Reporter
Chaitin Security Research Lab via Trend Micro's Zero Day Initiative
Impact
critical
Description

An integer overflow in createImageBitmap() was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the createImageBitmap API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer.

References