CVE-2017-5403

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.
Group Package Affected Fixed Severity Status Ticket
AVG-194 firefox 51.0.1-1 52.0-1 Critical Fixed
Date Advisory Group Package Severity Description
10 Mar 2017 ASA-201703-3 AVG-194 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
https://bugzilla.mozilla.org/show_bug.cgi?id=1340186