Mozilla Foundation Security Advisory 2017-14

Use after free in ANGLE

Announced

May 5, 2017

Impact

high

Products

Firefox, Firefox ESR

Fixed in

Firefox 53.0.2
Firefox ESR 52.1.1

#CVE-2017-5031: Use after free in ANGLE

Reporter: Bob Clary, Looben Yang
Impact: high

Description

A use-after-free can occur during Buffer11 API calls within the ANGLE graphics library, used for WebGL content. This can lead to a potentially exploitable crash.
Note: This issue is in libGLES, which is only in use on Windows. Other operating systems are not affected.

References

Bug 1328762

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice