CVE-2017-5398

Q: How do I fix CVE-2017-5398?

1. Open the application. 2. Go to Help > About. 3. Allow automatic update. 4. Restart when prompted. For enterprise deployments, use your standard patch management system.

Q: What is the severity of CVE-2017-5398?

CVE-2017-5398 has a CVSS score of 9.8 (CRITICAL). CVE-2017-5398 is a memory corruption vulnerability in Thunderbird and Firefox that could allow attackers to execute arbitrary code on affected systems. This affects users running vulnerable versions of Firefox (<52), Firefox ESR (<45.8), Thunderbird (<52), and Thunderbird ESR (<45.8).

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

CVE-2017-5398 is a memory corruption vulnerability in Thunderbird and Firefox that could allow attackers to execute arbitrary code on affected systems. This affects users running vulnerable versions of Firefox (<52), Firefox ESR (<45.8), Thunderbird (<52), and Thunderbird ESR (<45.8).

💻 Affected Systems

Products:

Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Mozilla Thunderbird ESR

Versions: Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, Thunderbird ESR < 45.8

Operating Systems: All platforms supported by affected versions

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Application crash or denial of service, with potential for limited code execution in targeted attacks.

🟢

If Mitigated

Minimal impact if systems are patched, isolated, or have memory protection controls enabled.

🌐 Internet-Facing: HIGH - Web browsers and email clients frequently process untrusted content from the internet.

🏢 Internal Only: MEDIUM - Internal users could be targeted via malicious emails or internal web content.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Memory corruption vulnerabilities in browsers/email clients are frequently weaponized. The CVSS 9.8 score indicates high exploitability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 52, Firefox ESR 45.8, Thunderbird 52, Thunderbird ESR 45.8

Vendor Advisory: https://www.mozilla.org/en-US/security/advisories/

Restart Required: Yes

Instructions:

1. Open the application. 2. Go to Help > About. 3. Allow automatic update. 4. Restart when prompted. For enterprise deployments, use your standard patch management system.

🔧 Temporary Workarounds

Disable JavaScript

all

Reduces attack surface by disabling JavaScript execution in Thunderbird

In Thunderbird: Edit > Preferences > Advanced > General > Config Editor > Set javascript.enabled to false

Network Segmentation

all

Restrict network access to vulnerable systems

🧯 If You Can't Patch

Isolate affected systems from internet and untrusted networks
Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check application version in Help > About menu. Compare against affected versions.

Check Version:

On Linux: thunderbird --version or firefox --version. On Windows: Check Help > About.

Verify Fix Applied:

Verify version is Firefox ≥52, Firefox ESR ≥45.8, Thunderbird ≥52, or Thunderbird ESR ≥45.8.

📡 Detection & Monitoring

Log Indicators:

Application crash logs
Memory access violation errors
Unexpected process termination

Network Indicators:

Unusual outbound connections from browser/email client
Suspicious download patterns

SIEM Query:

source="*thunderbird*" OR source="*firefox*" AND (event_type="crash" OR error="memory" OR error="corruption")

📊 Metadata

CVE ID: CVE-2017-5398

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: June 11, 2018

Last Updated: November 25, 2025

🔗 References

http://rhn.redhat.com/errata/RHSA-2017-0459.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0461.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0498.html Third Party Advisory
http://www.securityfocus.com/bid/96651 Third Party Advisory,VDB Entry
http://www.securitytracker.com/id/1037966 Third Party Advisory,VDB Entry
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510 Issue Tracking,Permissions Required,Third Party Advisory
https://security.gentoo.org/glsa/201705-06 Third Party Advisory
https://security.gentoo.org/glsa/201705-07 Third Party Advisory
https://www.debian.org/security/2017/dsa-3805 Third Party Advisory
https://www.debian.org/security/2017/dsa-3832 Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-05/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-06/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-07/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-09/ Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2017-0459.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0461.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0498.html Third Party Advisory
http://www.securityfocus.com/bid/96651 Third Party Advisory,VDB Entry
http://www.securitytracker.com/id/1037966 Third Party Advisory,VDB Entry
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510 Issue Tracking,Permissions Required,Third Party Advisory
https://security.gentoo.org/glsa/201705-06 Third Party Advisory
https://security.gentoo.org/glsa/201705-07 Third Party Advisory
https://www.debian.org/security/2017/dsa-3805 Third Party Advisory
https://www.debian.org/security/2017/dsa-3832 Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-05/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-06/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-07/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-09/ Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Debian Linux by Debian

Debian Linux by Debian

Enterprise Linux Desktop by Redhat

Enterprise Linux Desktop by Redhat

Enterprise Linux Desktop by Redhat

Enterprise Linux Server by Redhat

Enterprise Linux Server by Redhat

Enterprise Linux Server by Redhat

Enterprise Linux Server Aus by Redhat

Enterprise Linux Server Aus by Redhat

Enterprise Linux Server Eus by Redhat

Enterprise Linux Server Eus by Redhat

Enterprise Linux Server Eus by Redhat

Enterprise Linux Workstation by Redhat

Enterprise Linux Workstation by Redhat

Enterprise Linux Workstation by Redhat

Firefox by Mozilla

Firefox by Mozilla

Thunderbird by Mozilla

Thunderbird Esr by Mozilla

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable JavaScript

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities