### [CVE-2017-5375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2045.7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2051%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Excessive%20JIT%20code%20allocation%20allows%20bypass%20of%20ASLR%20and%20DEP&color=brighgreen)

### Description

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1325200
- https://www.exploit-db.com/exploits/42327/
- https://www.exploit-db.com/exploits/44293/
- https://www.exploit-db.com/exploits/44294/
- https://www.mozilla.org/security/advisories/mfsa2017-03/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ZihanYe/web-browser-vulnerabilities
- https://github.com/hwiwonl/dayone
- https://github.com/tronghieu220403/Common-Vulnerabilities-and-Exposures-Reports