An integer overflow in <code>createImageBitmap()</code> reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental <code>createImageBitmap</code> API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428 Acknowledgements: Name: the Mozilla project Upstream: Chaitin Security Research Lab via Trend Micro's Zero Day Initiative
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0558 https://rhn.redhat.com/errata/RHSA-2017-0558.html