CVE-2017-7824

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

References

http://www.securityfocus.com/bid/101053

http://www.securitytracker.com/id/1039465

https://access.redhat.com/errata/RHSA-2017:2831

https://access.redhat.com/errata/RHSA-2017:2885

https://bugzilla.mozilla.org/show_bug.cgi?id=1398381

https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html

https://security.gentoo.org/glsa/201803-14

https://www.debian.org/security/2017/dsa-3987

https://www.debian.org/security/2017/dsa-4014

https://www.mozilla.org/security/advisories/mfsa2017-21/

https://www.mozilla.org/security/advisories/mfsa2017-22/

https://www.mozilla.org/security/advisories/mfsa2017-23/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-09

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
127363NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0119)NessusNewStart CGSL Local Security Checks
critical
127356NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116)NessusNewStart CGSL Local Security Checks
critical
119232Virtuozzo 6 : thunderbird (VZLSA-2017-2885)NessusVirtuozzo Local Security Checks
critical
119228Virtuozzo 6 : firefox (VZLSA-2017-2831)NessusVirtuozzo Local Security Checks
critical
700331Mozilla Firefox ESR < 52.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
700321Mozilla Firefox < 56 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
108820GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
106884GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
104542SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-2)NessusSuSE Local Security Checks
critical
104340Debian DSA-4014-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
104335Debian DLA-1153-1 : icedove/thunderbird security updateNessusDebian Local Security Checks
critical
104254SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-1)NessusSuSE Local Security Checks
critical
103940EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1249)NessusHuawei Local Security Checks
critical
103939EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1248)NessusHuawei Local Security Checks
critical
103831Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20171012)NessusScientific Linux Local Security Checks
critical
103829Oracle Linux 6 / 7 : thunderbird (ELSA-2017-2885)NessusOracle Linux Local Security Checks
critical
103826CentOS 6 / 7 : thunderbird (CESA-2017:2885)NessusCentOS Local Security Checks
critical
103808Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : thunderbird vulnerabilities (USN-3436-1)NessusUbuntu Local Security Checks
critical
103805RHEL 6 / 7 : thunderbird (RHSA-2017:2885)NessusRed Hat Local Security Checks
critical
103798openSUSE Security Update : MozillaThunderbird (openSUSE-2017-1144)NessusSuSE Local Security Checks
critical
103768SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2688-1)NessusSuSE Local Security Checks
critical
103680Mozilla Firefox < 56 Multiple VulnerabilitiesNessusWindows
critical
103679Mozilla Firefox ESR < 52.4 Multiple VulnerabilitiesNessusWindows
critical
103678Mozilla Firefox < 56 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
103677Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
103667Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3435-2)NessusUbuntu Local Security Checks
critical
103646Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3435-1)NessusUbuntu Local Security Checks
critical
103621openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)NessusSuSE Local Security Checks
critical
103594Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20170929)NessusScientific Linux Local Security Checks
critical
103579Debian DSA-3987-1 : firefox-esr - security updateNessusDebian Local Security Checks
critical
103576Debian DLA-1118-1 : firefox-esr security updateNessusDebian Local Security Checks
critical
103573CentOS 6 / 7 : firefox (CESA-2017:2831)NessusCentOS Local Security Checks
critical
103561RHEL 6 / 7 : firefox (RHSA-2017:2831)NessusRed Hat Local Security Checks
critical
103558Oracle Linux 6 / 7 : firefox (ELSA-2017-2831)NessusOracle Linux Local Security Checks
critical
103556FreeBSD : mozilla -- multiple vulnerabilities (1098a15b-b0f6-42b7-b5c7-8a8646e8be07)NessusFreeBSD Local Security Checks
critical