CVE-2017-7836

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 57

Description The issue is related to the "pingsender" executable used by the Firefox Health Report, which dynamically loads a system copy of libcurl. An attacker with local system access could replace libcurl, allowing for privilege escalation as the replaced libcurl code will run with Firefox's privileges. This issue affects OS X and Linux systems, while Windows systems are not affected.

Recommendations For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider restricting access to the system copy of libcurl to minimize the risk of exploitation.