CVE-2017-5375

CRITICAL

Thunderbird <45.7, Firefox ESR <45.7, Firefox <51 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-5375. PoCs published by Rh0.

AI-analyzed exploit summary This exploit leverages CVE-2017-5375 (ASM.JS JIT-spray) and CVE-2016-2819 (Firefox memory corruption) to achieve arbitrary code execution by spraying fake Node objects and ASM.JS float constant pools to bypass ASLR/DEP, ultimately executing calc.exe.

Description

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Rh0 · htmlremotewindows
https://www.exploit-db.com/exploits/44293

This exploit leverages CVE-2017-5375 (ASM.JS JIT-spray) and CVE-2016-2819 (Firefox memory corruption) to achieve arbitrary code execution by spraying fake Node objects and ASM.JS float constant pools to bypass ASLR/DEP, ultimately executing calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Firefox 46.0.1 32-bit
No auth needed
Prerequisites: Firefox 46.0.1 32-bit on Windows 10 1709 · Network-served PoC
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Rh0 · htmlremotewindows
https://www.exploit-db.com/exploits/44294

This exploit leverages CVE-2017-5375 (and CVE-2016-1960) to bypass ASLR and DEP in Firefox 44.0.2 using an ASM.JS JIT spray technique. It manipulates Node objects and triggers a vulnerability to achieve arbitrary code execution, demonstrated by launching calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Firefox 44.0.2 32-bit
No auth needed
Prerequisites: Firefox 44.0.2 32-bit on Windows 10 1709 · Network access to serve the PoC
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Rh0 · htmlremotewindows
https://www.exploit-db.com/exploits/42327

This exploit leverages CVE-2017-5375 to bypass ASLR and DEP in Firefox 50.0.1 using an asm.js JIT spray technique, ultimately executing a shellcode payload that spawns cmd.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Firefox 50.0.1 (32-bit)
No auth needed
Prerequisites: Firefox 50.0.1 (32-bit) on Windows 8.1/10 · Network access to serve the PoC
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-03/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-02/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201702-22
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42327/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-3832
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44293/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201702-13
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-3771
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44294/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037693
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-01/
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0190.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0238.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95757
Issue Tracking, Permissions Required x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1325200

Scores

CVSS v3 9.8
EPSS 0.5839
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (12)
debian/debian_linux 8.0
mozilla/firefox < 45.7.0
mozilla/thunderbird < 45.7.0
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_workstation 5.0
... and 2 more
Published Jun 11, 2018
Tracked Since Feb 18, 2026