CVE-2017-7810

HIGH

Description

Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

References

http://www.securityfocus.com/bid/101054

http://www.securitytracker.com/id/1039465

https://access.redhat.com/errata/RHSA-2017:2831

https://access.redhat.com/errata/RHSA-2017:2885

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598

https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html

https://security.gentoo.org/glsa/201803-14

https://usn.ubuntu.com/3688-1/

https://www.debian.org/security/2017/dsa-3987

https://www.debian.org/security/2017/dsa-4014

https://www.mozilla.org/security/advisories/mfsa2017-21/

https://www.mozilla.org/security/advisories/mfsa2017-22/

https://www.mozilla.org/security/advisories/mfsa2017-23/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-01

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
127363	NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0119)	Nessus	NewStart CGSL Local Security Checks	critical
127356	NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116)	Nessus	NewStart CGSL Local Security Checks	critical
119232	Virtuozzo 6 : thunderbird (VZLSA-2017-2885)	Nessus	Virtuozzo Local Security Checks	critical
119228	Virtuozzo 6 : firefox (VZLSA-2017-2831)	Nessus	Virtuozzo Local Security Checks	critical
700331	Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
700321	Mozilla Firefox < 56 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
110622	Ubuntu 17.10 / 18.04 LTS : mozjs52 vulnerabilities (USN-3688-1)	Nessus	Ubuntu Local Security Checks	critical
108820	GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
106884	GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
104542	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-2)	Nessus	SuSE Local Security Checks	critical
104340	Debian DSA-4014-1 : thunderbird - security update	Nessus	Debian Local Security Checks	critical
104335	Debian DLA-1153-1 : icedove/thunderbird security update	Nessus	Debian Local Security Checks	critical
104254	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-1)	Nessus	SuSE Local Security Checks	critical
103940	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1249)	Nessus	Huawei Local Security Checks	critical
103939	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1248)	Nessus	Huawei Local Security Checks	critical
103831	Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
103829	Oracle Linux 6 / 7 : thunderbird (ELSA-2017-2885)	Nessus	Oracle Linux Local Security Checks	critical
103826	CentOS 6 / 7 : thunderbird (CESA-2017:2885)	Nessus	CentOS Local Security Checks	critical
103808	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : thunderbird vulnerabilities (USN-3436-1)	Nessus	Ubuntu Local Security Checks	critical
103805	RHEL 6 / 7 : thunderbird (RHSA-2017:2885)	Nessus	Red Hat Local Security Checks	critical
103798	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-1144)	Nessus	SuSE Local Security Checks	critical
103768	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2688-1)	Nessus	SuSE Local Security Checks	critical
103680	Mozilla Firefox < 56 Multiple Vulnerabilities	Nessus	Windows	critical
103679	Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities	Nessus	Windows	critical
103678	Mozilla Firefox < 56 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	critical
103677	Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	critical
103667	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3435-2)	Nessus	Ubuntu Local Security Checks	critical
103646	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3435-1)	Nessus	Ubuntu Local Security Checks	critical
103621	openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)	Nessus	SuSE Local Security Checks	critical
103594	Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
103579	Debian DSA-3987-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
103576	Debian DLA-1118-1 : firefox-esr security update	Nessus	Debian Local Security Checks	critical
103573	CentOS 6 / 7 : firefox (CESA-2017:2831)	Nessus	CentOS Local Security Checks	critical
103561	RHEL 6 / 7 : firefox (RHSA-2017:2831)	Nessus	Red Hat Local Security Checks	critical
103558	Oracle Linux 6 / 7 : firefox (ELSA-2017-2831)	Nessus	Oracle Linux Local Security Checks	critical
103556	FreeBSD : mozilla -- multiple vulnerabilities (1098a15b-b0f6-42b7-b5c7-8a8646e8be07)	Nessus	FreeBSD Local Security Checks	critical