Vulnerability CVE-2017-7824: Information

Description

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: June 12, 2018
Modified: Aug. 9, 2018
Error type identifier: CWE-119

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firefox | sisyphus | 56.0-alt1 | 126.0.1-alt1 | ALT-PU-2017-2437-1 | 190760 | Fixed |
| firefox | p10 | 56.0-alt1 | 118.0.2-alt0.p10.1 | ALT-PU-2017-2437-1 | 190760 | Fixed |
| firefox | p9 | 56.0-alt1 | 105.0.1-alt0.c9.1 | ALT-PU-2017-2437-1 | 190760 | Fixed |
| firefox | p8 | 56.0-alt0.M80P.1 | 68.0.1-alt0.M80P.1 | ALT-PU-2017-2453-1 | 190905 | Fixed |
| firefox | c10f1 | 56.0-alt1 | 112.0.2-alt0.p10.1 | ALT-PU-2017-2437-1 | 190760 | Fixed |
| firefox | c9f2 | 56.0-alt1 | 105.0.1-alt0.c9.1 | ALT-PU-2017-2437-1 | 190760 | Fixed |
| firefox | c7 | 52.5.3-alt0.M70C.1 | 60.8.0-alt0.M70C.1 | ALT-PU-2018-1225-1 | 200642 | Fixed |
| firefox | p11 | 56.0-alt1 | 126.0.1-alt1 | ALT-PU-2017-2437-1 | 190760 | Fixed |
| firefox-esr | sisyphus | 52.4.0-alt1 | 115.11.0-alt1 | ALT-PU-2017-2358-1 | 189704 | Fixed |
| firefox-esr | p10 | 52.4.0-alt1 | 115.11.0-alt1 | ALT-PU-2017-2358-1 | 189704 | Fixed |
| firefox-esr | p9 | 52.4.0-alt1 | 102.11.0-alt0.c9.1 | ALT-PU-2017-2358-1 | 189704 | Fixed |
| firefox-esr | p8 | 52.4.0-alt0.M80P.1 | 68.4.1-alt0.M80P.1 | ALT-PU-2017-2359-1 | 189718 | Fixed |
| firefox-esr | c10f1 | 52.4.0-alt1 | 115.9.1-alt0.c10.1 | ALT-PU-2017-2358-1 | 189704 | Fixed |
| firefox-esr | c9f2 | 52.4.0-alt1 | 102.12.0-alt0.c9.1 | ALT-PU-2017-2358-1 | 189704 | Fixed |
| firefox-esr | p11 | 52.4.0-alt1 | 115.11.0-alt1 | ALT-PU-2017-2358-1 | 189704 | Fixed |
| thunderbird | sisyphus | 52.4.0-alt1 | 115.9.0-alt1 | ALT-PU-2017-2390-1 | 190451 | Fixed |
| thunderbird | p10 | 52.4.0-alt1 | 115.9.0-alt1 | ALT-PU-2017-2390-1 | 190451 | Fixed |
| thunderbird | p9 | 52.4.0-alt1 | 102.11.0-alt0.c9.1 | ALT-PU-2017-2390-1 | 190451 | Fixed |
| thunderbird | p8 | 52.4.0-alt0.M80P.1 | 60.8.0-alt0.M80P.1 | ALT-PU-2017-2391-1 | 190492 | Fixed |
| thunderbird | c10f1 | 52.4.0-alt1 | 115.9.0-alt0.c10.1 | ALT-PU-2017-2390-1 | 190451 | Fixed |
| thunderbird | c9f2 | 52.4.0-alt1 | 102.11.0-alt0.c9.1 | ALT-PU-2017-2390-1 | 190451 | Fixed |
| thunderbird | c7 | 60.8.0-alt0.M70C.1 | 60.8.0-alt0.M70C.1 | ALT-PU-2019-2345-1 | 234994 | Fixed |
| thunderbird | p11 | 52.4.0-alt1 | 115.9.0-alt1 | ALT-PU-2017-2390-1 | 190451 | Fixed |

References to Advisories, Solutions, and Tools

| Hyperlink | Resource |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2017-23/ | Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2017-22/ | Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2017-21/ | Vendor Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1398381 | Issue Tracking |
| DSA-4014 | Third Party Advisory |
| DSA-3987 | Third Party Advisory |
| GLSA-201803-14 | Third Party Advisory |
| [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update | Mailing List, Third Party Advisory |
| RHSA-2017:2885 | Third Party Advisory |
| RHSA-2017:2831 | Third Party Advisory |
| 1039465 | Third Party Advisory, VDB Entry |
| 101053 | Third Party Advisory, VDB Entry |

Configuration 1

  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

Configuration 2

  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (End excluding: 56.0)
  • cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (End excluding: 52.4.0)
  • cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (End excluding: 52.4.0)