CVE-2017-7804

EUVD-2017-16779
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 52.3.0
mozillafirefox
𝑥
< 55.0
mozillathunderbird
𝑥
< 52.3.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
firefox-esr
bookworm
115.14.0esr-1~deb12u1
fixed
bookworm (security)
128.4.0esr-1~deb12u1
fixed
bullseye
115.14.0esr-1~deb11u1
fixed
bullseye (security)
128.4.0esr-1~deb11u1
fixed
sid
128.4.0esr-1
fixed
trixie
128.3.1esr-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
trusty
dne
xenial
not-affected
zesty
not-affected
thunderbird
trusty
dne
xenial
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100234
http://www.securitytracker.com/id/1039124
https://bugzilla.mozilla.org/show_bug.cgi?id=1372849
https://www.mozilla.org/security/advisories/mfsa2017-18/
https://www.mozilla.org/security/advisories/mfsa2017-19/
https://www.mozilla.org/security/advisories/mfsa2017-20/
http://www.securityfocus.com/bid/100234
http://www.securitytracker.com/id/1039124
https://bugzilla.mozilla.org/show_bug.cgi?id=1372849
https://www.mozilla.org/security/advisories/mfsa2017-18/
https://www.mozilla.org/security/advisories/mfsa2017-19/
https://www.mozilla.org/security/advisories/mfsa2017-20/