CVE-2017-7828

critical

Description

A use-after-free vulnerability can occur when flushing and resizing layout because the "PresShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

References

http://www.securityfocus.com/bid/101832

http://www.securitytracker.com/id/1039803

https://access.redhat.com/errata/RHSA-2017:3247

https://access.redhat.com/errata/RHSA-2017:3372

https://bugzilla.mozilla.org/show_bug.cgi?id=1406750

https://bugzilla.mozilla.org/show_bug.cgi?id=1412252

https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html

https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html

https://www.debian.org/security/2017/dsa-4035

https://www.debian.org/security/2017/dsa-4061

https://www.debian.org/security/2017/dsa-4075

https://www.mozilla.org/security/advisories/mfsa2017-24/

https://www.mozilla.org/security/advisories/mfsa2017-25/

https://www.mozilla.org/security/advisories/mfsa2017-26/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-02

Type: CWE-416

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127363 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0119) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127356 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127151 | NewStart CGSL MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0006) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127141 | NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001) | Nessus | NewStart CGSL Local Security Checks | critical |
| 700332 | Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 700322 | Mozilla Firefox < 57 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 108820 | GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 105542 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regression (USN-3477-4) | Nessus | Ubuntu Local Security Checks | critical |
| 105497 | Debian DSA-4075-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 105122 | Debian DSA-4061-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 105115 | Debian DLA-1199-1 : thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 105096 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:3233-1) | Nessus | SuSE Local Security Checks | critical |
| 105058 | CentOS 6 / 7 : thunderbird (CESA-2017:3372) | Nessus | CentOS Local Security Checks | critical |
| 105044 | Mozilla Thunderbird < 52.5 Multiple Vulnerabilities | Nessus | Windows | critical |
| 105043 | Mozilla Thunderbird < 52.5 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 105034 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:3213-1) | Nessus | SuSE Local Security Checks | critical |
| 105019 | Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20171204) | Nessus | Scientific Linux Local Security Checks | critical |
| 105015 | Oracle Linux 6 / 7 : thunderbird (ELSA-2017-3372) | Nessus | Oracle Linux Local Security Checks | critical |
| 104995 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : thunderbird vulnerabilities (USN-3490-1) | Nessus | Ubuntu Local Security Checks | critical |
| 104994 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regressions (USN-3477-3) | Nessus | Ubuntu Local Security Checks | critical |
| 104988 | RHEL 6 / 7 : thunderbird (RHSA-2017:3372) | Nessus | Red Hat Local Security Checks | critical |
| 104918 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1300) | Nessus | Huawei Local Security Checks | critical |
| 104917 | EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1299) | Nessus | Huawei Local Security Checks | critical |
| 104807 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regression (USN-3477-2) | Nessus | Ubuntu Local Security Checks | critical |
| 104798 | openSUSE Security Update : Mozilla Thunderbird (openSUSE-2017-1311) | Nessus | SuSE Local Security Checks | critical |
| 104701 | Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20171117) | Nessus | Scientific Linux Local Security Checks | critical |
| 104700 | RHEL 6 / 7 : firefox (RHSA-2017:3247) | Nessus | Red Hat Local Security Checks | critical |
| 104698 | Oracle Linux 6 / 7 : firefox (ELSA-2017-3247) | Nessus | Oracle Linux Local Security Checks | critical |
| 104675 | CentOS 6 / 7 : firefox (CESA-2017:3247) | Nessus | CentOS Local Security Checks | critical |
| 104652 | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox vulnerabilities (USN-3477-1) | Nessus | Ubuntu Local Security Checks | critical |
| 104648 | openSUSE Security Update : MozillaFirefox (openSUSE-2017-1279) | Nessus | SuSE Local Security Checks | critical |
| 104638 | Mozilla Firefox < 57 Multiple Vulnerabilities | Nessus | Windows | critical |
| 104637 | Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities | Nessus | Windows | critical |
| 104636 | Mozilla Firefox < 57 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 104635 | Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 104587 | Debian DSA-4035-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 104585 | Debian DLA-1172-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
| 104564 | FreeBSD : mozilla -- multiple vulnerabilities (f78eac48-c3d1-4666-8de5-63ceea25a578) | Nessus | FreeBSD Local Security Checks | critical |