7.5

CVE-2017-7804

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 52.3.0
   MicrosoftWindows Version-
MozillaFirefox Version < 55.0
   MicrosoftWindows Version-
MozillaThunderbird Version < 52.3.0
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.51% 0.71
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1039124
Third Party Advisory
VDB Entry
https://www.mozilla.org/security/advisories/mfsa2017-18/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-19/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-20/
Vendor Advisory
http://www.securityfocus.com/bid/100234
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1372849
Third Party Advisory
Issue Tracking