CVE-2017-7826

HIGH

Description

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

References

http://www.securityfocus.com/bid/101832

http://www.securitytracker.com/id/1039803

https://access.redhat.com/errata/RHSA-2017:3247

https://access.redhat.com/errata/RHSA-2017:3372

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804

https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html

https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html

https://usn.ubuntu.com/3688-1/

https://www.debian.org/security/2017/dsa-4035

https://www.debian.org/security/2017/dsa-4061

https://www.debian.org/security/2017/dsa-4075

https://www.mozilla.org/security/advisories/mfsa2017-24/

https://www.mozilla.org/security/advisories/mfsa2017-25/

https://www.mozilla.org/security/advisories/mfsa2017-26/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-01

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
700332	Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
700322	Mozilla Firefox < 57 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
110622	Ubuntu 17.10 / 18.04 LTS : mozjs52 vulnerabilities (USN-3688-1)	Nessus	Ubuntu Local Security Checks	critical
108820	GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
105542	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regression (USN-3477-4)	Nessus	Ubuntu Local Security Checks	critical
105497	Debian DSA-4075-1 : thunderbird - security update	Nessus	Debian Local Security Checks	critical
105122	Debian DSA-4061-1 : thunderbird - security update	Nessus	Debian Local Security Checks	critical
105115	Debian DLA-1199-1 : thunderbird security update	Nessus	Debian Local Security Checks	critical
105096	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:3233-1)	Nessus	SuSE Local Security Checks	critical
105058	CentOS 6 / 7 : thunderbird (CESA-2017:3372)	Nessus	CentOS Local Security Checks	critical
105044	Mozilla Thunderbird < 52.5 Multiple Vulnerabilities	Nessus	Windows	high
105043	Mozilla Thunderbird < 52.5 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
105034	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:3213-1)	Nessus	SuSE Local Security Checks	critical
105019	Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
105015	Oracle Linux 6 / 7 : thunderbird (ELSA-2017-3372)	Nessus	Oracle Linux Local Security Checks	critical
104995	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : thunderbird vulnerabilities (USN-3490-1)	Nessus	Ubuntu Local Security Checks	critical
104994	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regressions (USN-3477-3)	Nessus	Ubuntu Local Security Checks	critical
104988	RHEL 6 / 7 : thunderbird (RHSA-2017:3372)	Nessus	Red Hat Local Security Checks	critical
104918	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1300)	Nessus	Huawei Local Security Checks	critical
104917	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1299)	Nessus	Huawei Local Security Checks	critical
104807	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regression (USN-3477-2)	Nessus	Ubuntu Local Security Checks	critical
104798	openSUSE Security Update : Mozilla Thunderbird (openSUSE-2017-1311)	Nessus	SuSE Local Security Checks	critical
104701	Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
104700	RHEL 6 / 7 : firefox (RHSA-2017:3247)	Nessus	Red Hat Local Security Checks	critical
104698	Oracle Linux 6 / 7 : firefox (ELSA-2017-3247)	Nessus	Oracle Linux Local Security Checks	critical
104675	CentOS 6 / 7 : firefox (CESA-2017:3247)	Nessus	CentOS Local Security Checks	critical
104652	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox vulnerabilities (USN-3477-1)	Nessus	Ubuntu Local Security Checks	critical
104648	openSUSE Security Update : MozillaFirefox (openSUSE-2017-1279)	Nessus	SuSE Local Security Checks	critical
104638	Mozilla Firefox < 57 Multiple Vulnerabilities	Nessus	Windows	high
104637	Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities	Nessus	Windows	high
104636	Mozilla Firefox < 57 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
104635	Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
104587	Debian DSA-4035-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
104585	Debian DLA-1172-1 : firefox-esr security update	Nessus	Debian Local Security Checks	critical
104564	FreeBSD : mozilla -- multiple vulnerabilities (f78eac48-c3d1-4666-8de5-63ceea25a578)	Nessus	FreeBSD Local Security Checks	critical