PT-2017-3992 · Mozilla+3 · Firefox Esr+5

Stephen Fewer

Publicado

2017-06-14

Atualizado

2024-12-12

CVE-2017-7804

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 55 Firefox ESR versions prior to 52.3 Thunderbird versions prior to 52.3

Description The issue is related to the destructor function for the WindowsDllDetourPatcher class, which can be exploited by malicious code to write arbitrary data to a controlled location in memory. This can bypass existing memory protections. The attack is limited to Windows operating systems. The vulnerability is associated with insufficient input validation in the destructor function of the WindowsDllDetourPatcher class in Firefox, Firefox ESR, and Thunderbird browsers, allowing a remote attacker to potentially elevate their privileges.

Recommendations For Firefox versions prior to 55, update to version 55 or later. For Firefox ESR versions prior to 52.3, update to version 52.3 or later. For Thunderbird versions prior to 52.3, update to version 52.3 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-2019

ALT-PU-2017-2060

BDU:2021-00027

CVE-2017-7804

MGASA-2018-0018

OPENSUSE-SU-2017:2209-1

OPENSUSE-SU-2017_2151-1

OPENSUSE-SU-2017_2209-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:10601-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2017:2302-1

SUSE-SU-2017:2589-1

Produtos afetados

Alt Linux

Firefox

Firefox Esr

Suse

Thunderbird

Windows

PT-2017-3992 · Mozilla+3 · Firefox Esr+5

CVE-2017-7804

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1984