CVE-2017-7779

HIGH

Description

Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

References

http://www.securityfocus.com/bid/100201

http://www.securitytracker.com/id/1039124

https://access.redhat.com/errata/RHSA-2017:2456

https://access.redhat.com/errata/RHSA-2017:2534

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002

https://security.gentoo.org/glsa/201803-14

https://www.debian.org/security/2017/dsa-3928

https://www.debian.org/security/2017/dsa-3968

https://www.mozilla.org/security/advisories/mfsa2017-18/

https://www.mozilla.org/security/advisories/mfsa2017-19/

https://www.mozilla.org/security/advisories/mfsa2017-20/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-01

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
127363	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0119)	Nessus	NewStart CGSL Local Security Checks	critical
127356	NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116)	Nessus	NewStart CGSL Local Security Checks	critical
108820	GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
106884	GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
103563	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:2589-1)	Nessus	SuSE Local Security Checks	critical
103249	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : thunderbird vulnerabilities (USN-3416-1)	Nessus	Ubuntu Local Security Checks	critical
103116	Debian DSA-3968-1 : icedove - security update	Nessus	Debian Local Security Checks	critical
103056	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1198)	Nessus	Huawei Local Security Checks	critical
103055	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1197)	Nessus	Huawei Local Security Checks	critical
102961	Debian DLA-1087-2 : icedove/thunderbird regression update	Nessus	Debian Local Security Checks	critical
102882	CentOS 6 / 7 : thunderbird (CESA-2017:2534)	Nessus	CentOS Local Security Checks	critical
102856	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:2302-1)	Nessus	SuSE Local Security Checks	critical
102776	Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
102772	Oracle Linux 6 / 7 : thunderbird (ELSA-2017-2534)	Nessus	Oracle Linux Local Security Checks	critical
102727	RHEL 6 / 7 : thunderbird (RHSA-2017:2534)	Nessus	Red Hat Local Security Checks	critical
102667	Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
700183	Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
700182	Mozilla Firefox < 55 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
102622	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955)	Nessus	SuSE Local Security Checks	critical
102580	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3391-3)	Nessus	Ubuntu Local Security Checks	critical
102543	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : ubufox update (USN-3391-2)	Nessus	Ubuntu Local Security Checks	critical
102523	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3391-1)	Nessus	Ubuntu Local Security Checks	critical
102504	CentOS 6 / 7 : firefox (CESA-2017:2456)	Nessus	CentOS Local Security Checks	critical
102473	Oracle Linux 6 / 7 : firefox (ELSA-2017-2456)	Nessus	Oracle Linux Local Security Checks	critical
102472	openSUSE Security Update : MozillaFirefox (openSUSE-2017-921)	Nessus	SuSE Local Security Checks	critical
102438	Debian DLA-1053-1 : firefox-esr security update	Nessus	Debian Local Security Checks	critical
102410	RHEL 6 / 7 : firefox (RHSA-2017:2456)	Nessus	Red Hat Local Security Checks	critical
102369	Debian DSA-3928-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
102359	Mozilla Firefox < 55 Multiple Vulnerabilities	Nessus	Windows	critical
102358	Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities	Nessus	Windows	critical
102357	Mozilla Firefox < 55 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	critical
102356	Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	critical
102278	FreeBSD : mozilla -- multiple vulnerabilities (555b244e-6b20-4546-851f-d8eb7d6c1ffa)	Nessus	FreeBSD Local Security Checks	critical