PT-2017-3377 · Mozilla+5 · Firefox ESR+7

Martin Thomson · Published 2017-06-30 · Updated 2024-12-12 · CVE-2017-7805

CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 56
Mozilla Firefox ESR versions prior to 52.4
Thunderbird versions prior to 52.4

Description

The issue is related to a use-after-free error in the implementation of the TLS 1.2 protocol. This occurs when the handshake transcript exceeds the available space in the current buffer, causing the allocation of a new buffer and leaving a pointer to the old, freed buffer. As a result, a use-after-free error happens when handshake hashes are calculated, potentially leading to a crash.

Recommendations

For Mozilla Firefox versions prior to 56, update to version 56 or later to resolve the issue.
For Mozilla Firefox ESR versions prior to 52.4, update to version 52.4 or later to resolve the issue.
For Thunderbird versions prior to 52.4, update to version 52.4 or later to resolve the issue.
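
A simplified C model of the bug class outlined in the description, added here as an illustration and not taken from Mozilla's code: it shows the growth step that moves the transcript buffer, and one hardened pattern that stores an offset instead of a raw pointer. The names `transcript`, `transcript_ref`, `ref_checksum` and the toy checksum standing in for the handshake hash are all hypothetical.

```c
/* Simplified model of the bug class; not Mozilla's code, names hypothetical. */
#include <stdlib.h>
#include <string.h>
typedef struct { unsigned char *data; size_t len, cap; } transcript;
/* Append a handshake message; growth may move the storage elsewhere. */
static int transcript_append(transcript *t, const void *msg, size_t n) {
    if (n > (size_t)-1 - t->len) return -1;       /* length overflow */
    if (t->len + n > t->cap) {
        size_t cap = t->cap ? t->cap : 64;
        while (cap < t->len + n) {
            if (cap > (size_t)-1 / 2) return -1;
            cap *= 2;
        }
        unsigned char *p = realloc(t->data, cap); /* old block may be freed */
        if (!p) return -1;
        t->data = p; t->cap = cap;
    }
    memcpy(t->data + t->len, msg, n);
    t->len += n;
    return 0;
}

/* Vulnerable pattern (described only, never executed): cache t->data + off,
 * append enough to force a reallocation, then hash through the cached
 * pointer, which now refers to freed memory. */
/* Hardened pattern: keep an offset and resolve it at the moment of use. */
typedef struct { const transcript *t; size_t off; } transcript_ref;
/* Toy checksum standing in for the handshake hash computation. */
static unsigned long ref_checksum(const transcript_ref *r) {
    unsigned long h = 5381;
    if (r->off > r->t->len) return 0;             /* reject stale offsets */
    for (size_t i = r->off; i < r->t->len; i++) h = h * 33 + r->t->data[i];
    return h;
}

/* Constructed scenario: take a reference, then outgrow the first buffer. */
static int demo(void) {
    transcript t = {0}, flat = {0};
    unsigned char big[200];
    memset(big, 'B', sizeof big);
    if (transcript_append(&t, "ClientHello", 11)) return -1;
    transcript_ref r = { &t, 0 }, f = { &flat, 0 };
    if (transcript_append(&t, big, sizeof big)) return -1;  /* regrows */
    if (transcript_append(&flat, t.data, t.len)) return -1; /* fresh copy */
    int ok = t.cap > 64 && ref_checksum(&r) == ref_checksum(&f);
    free(t.data); free(flat.data);
    return ok;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

Building the vulnerable variant with AddressSanitizer (`-fsanitize=address`) reports the stale read as a heap-use-after-free at the hash step, which is a practical way to catch this pattern in testing.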

Fix

Use After Free


Weakness Enumeration

Related Identifiers

ALT-PU-2017-2358
ALT-PU-2017-2437
ALT-PU-2017-2652
ALT-PU-2017-2703
ALT-PU-2017-2739
BDU:2018-00159
CESA-2017_2832
CVE-2017-7805
DLA-1118-1
DLA-1138-1
DLA-1153-1
DSA-3987-1
DSA-3998-1
DSA-4014-1
MGASA-2017-0361
MGASA-2018-0018
OPENSUSE-SU-2017:2707-1
OPENSUSE-SU-2017:2710-1
OPENSUSE-SU-2017_2615-1
OPENSUSE-SU-2017_2710-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2017:2832
RHSA-2017_2832
SUSE-SU-2017:2688-1
SUSE-SU-2017:2872-1
SUSE-SU-2017:2872-2
USN-3431-1
USN-3435-1
USN-3435-2
USN-3436-1

Affected Products

ALT Linux
CentOS
Firefox
Firefox ESR
Red Hat
SUSE
Thunderbird
Ubuntu