CVE-2017-7810

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

References

http://www.securityfocus.com/bid/101054

http://www.securitytracker.com/id/1039465

https://access.redhat.com/errata/RHSA-2017:2831

https://access.redhat.com/errata/RHSA-2017:2885

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598

https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html

https://security.gentoo.org/glsa/201803-14

https://usn.ubuntu.com/3688-1/

https://www.debian.org/security/2017/dsa-3987

https://www.debian.org/security/2017/dsa-4014

https://www.mozilla.org/security/advisories/mfsa2017-21/

https://www.mozilla.org/security/advisories/mfsa2017-22/

https://www.mozilla.org/security/advisories/mfsa2017-23/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-01

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 4

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
127363NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0119)NessusNewStart CGSL Local Security Checks
critical
127356NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116)NessusNewStart CGSL Local Security Checks
critical
119232Virtuozzo 6 : thunderbird (VZLSA-2017-2885)NessusVirtuozzo Local Security Checks
critical
119228Virtuozzo 6 : firefox (VZLSA-2017-2831)NessusVirtuozzo Local Security Checks
critical
700331Mozilla Firefox ESR < 52.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
700321Mozilla Firefox < 56 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
110622Ubuntu 17.10 / 18.04 LTS : Spidermonkey vulnerabilities (USN-3688-1)NessusUbuntu Local Security Checks
critical
108820GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
106884GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
104542SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-2)NessusSuSE Local Security Checks
critical
104340Debian DSA-4014-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
104335Debian DLA-1153-1 : icedove/thunderbird security updateNessusDebian Local Security Checks
critical
104254SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-1)NessusSuSE Local Security Checks
critical
103940EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1249)NessusHuawei Local Security Checks
critical
103939EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1248)NessusHuawei Local Security Checks
critical
103831Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20171012)NessusScientific Linux Local Security Checks
critical
103829Oracle Linux 6 / 7 : thunderbird (ELSA-2017-2885)NessusOracle Linux Local Security Checks
critical
103826CentOS 6 / 7 : thunderbird (CESA-2017:2885)NessusCentOS Local Security Checks
critical
103808Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : thunderbird vulnerabilities (USN-3436-1)NessusUbuntu Local Security Checks
critical
103805RHEL 6 / 7 : thunderbird (RHSA-2017:2885)NessusRed Hat Local Security Checks
critical
103798openSUSE Security Update : MozillaThunderbird (openSUSE-2017-1144)NessusSuSE Local Security Checks
critical
103768SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2688-1)NessusSuSE Local Security Checks
critical
103680Mozilla Firefox < 56 Multiple VulnerabilitiesNessusWindows
critical
103679Mozilla Firefox ESR < 52.4 Multiple VulnerabilitiesNessusWindows
critical
103678Mozilla Firefox < 56 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
103677Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
103667Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3435-2)NessusUbuntu Local Security Checks
critical
103646Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3435-1)NessusUbuntu Local Security Checks
critical
103621openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)NessusSuSE Local Security Checks
critical
103594Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170929)NessusScientific Linux Local Security Checks
critical
103579Debian DSA-3987-1 : firefox-esr - security updateNessusDebian Local Security Checks
critical
103576Debian DLA-1118-1 : firefox-esr security updateNessusDebian Local Security Checks
critical
103573CentOS 6 / 7 : firefox (CESA-2017:2831)NessusCentOS Local Security Checks
critical
103561RHEL 6 / 7 : firefox (RHSA-2017:2831)NessusRed Hat Local Security Checks
critical
103558Oracle Linux 6 / 7 : firefox (ELSA-2017-2831)NessusOracle Linux Local Security Checks
critical
103556FreeBSD : mozilla -- multiple vulnerabilities (1098a15b-b0f6-42b7-b5c7-8a8646e8be07)NessusFreeBSD Local Security Checks
critical