CVE-2017-7804

EPSS 0.69%
Veröffentlicht 11.06.2018 21:29:09
Zuletzt bearbeitet 21.11.2024 03:32:41
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 55.0

Microsoft ≫ Windows Version-

Mozilla ≫ Firefox ESR Version < 52.3.0

Microsoft ≫ Windows Version-

Mozilla ≫ Thunderbird Version < 52.3.0

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.708

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1039124

Third Party Advisory

VDB Entry

https://www.mozilla.org/security/advisories/mfsa2017-18/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-19/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-20/

Vendor Advisory

http://www.securityfocus.com/bid/100234

Third Party Advisory

VDB Entry