PT-2017-4023 · Mozilla+2 · Firefox+2

Abhishek Arya

Published

2017-07-24

Updated

2024-12-12

CVE-2017-7813

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 56

Description The issue is related to a JavaScript parser vulnerability in Mozilla Firefox, which involves reading data beyond buffer boundaries in memory. This can potentially allow a remote attacker to gain unauthorized access to protected information or cause a denial of service. The vulnerability usually results in a non-exploitable crash but can leak a limited amount of information from memory if it matches JavaScript identifier syntax.

Recommendations For versions prior to 56, update to version 56 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

Exploit

Fix

Out of bounds Read

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-704

Related Identifiers

ALT-PU-2017-2437

ALT-PU-2018-1854

BDU:2021-00182

CVE-2017-7813

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3435-1

USN-3435-2

Affected Products

Alt Linux

Firefox

Ubuntu

PT-2017-4023 · Mozilla+2 · Firefox+2

CVE-2017-7813

Weakness Enumeration

Related Identifiers

Affected Products

References · 1896