PT-2017-3992 · Mozilla+3 · Firefox Esr+5

Stephen Fewer

Published

2017-06-14

Updated

2024-12-12

CVE-2017-7804

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 55 Firefox ESR versions prior to 52.3 Thunderbird versions prior to 52.3

Description The issue is related to the destructor function for the WindowsDllDetourPatcher class, which can be exploited by malicious code to write arbitrary data to a controlled location in memory. This can bypass existing memory protections. The attack is limited to Windows operating systems. The vulnerability is associated with insufficient input validation in the destructor function of the WindowsDllDetourPatcher class in Firefox, Firefox ESR, and Thunderbird browsers, allowing a remote attacker to potentially elevate their privileges.

Recommendations For Firefox versions prior to 55, update to version 55 or later. For Firefox ESR versions prior to 52.3, update to version 52.3 or later. For Thunderbird versions prior to 52.3, update to version 52.3 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2017-2019

ALT-PU-2017-2060

BDU:2021-00027

CVE-2017-7804

MGASA-2018-0018

OPENSUSE-SU-2017:2209-1

OPENSUSE-SU-2017_2151-1

OPENSUSE-SU-2017_2209-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:10601-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2017:2302-1

SUSE-SU-2017:2589-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Suse

Thunderbird

Windows

PT-2017-3992 · Mozilla+3 · Firefox Esr+5

CVE-2017-7804

Weakness Enumeration

Related Identifiers

Affected Products

References · 1984