Denial of Service Vulnerability in Firefox < 51: Unrestricted STUN Packet Sending via e10s

Denial of Service Vulnerability in Firefox < 51: Unrestricted STUN Packet Sending via e10s

CVE-2017-5388 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51.

Learn more about our Web App Pen Testing.