CVE-2017-7824

EUVD-2017-16799
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_linux_aus
7.4
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_eus
7.4
redhatenterprise_linux_eus
7.5
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
mozillafirefox
𝑥
< 52.4.0
mozillafirefox
𝑥
< 56.0
mozillathunderbird
𝑥
< 52.4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
firefox-esr
bookworm
115.14.0esr-1~deb12u1
fixed
bookworm (security)
128.4.0esr-1~deb12u1
fixed
bullseye
115.14.0esr-1~deb11u1
fixed
bullseye (security)
128.4.0esr-1~deb11u1
fixed
sid
128.4.0esr-1
fixed
trixie
128.3.1esr-2
fixed
thunderbird
bookworm
1:115.12.0-1~deb12u1
fixed
bookworm (security)
1:128.4.0esr-1~deb12u1
fixed
bullseye
1:115.12.0-1~deb11u1
fixed
bullseye (security)
1:128.4.0esr-1~deb11u1
fixed
sid
1:128.4.0esr-1
fixed
trixie
1:128.4.0esr-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
artful
Fixed 56.0+build6-0ubuntu1
released
bionic
Fixed 56.0+build6-0ubuntu1
released
trusty
Fixed 56.0+build6-0ubuntu0.14.04.1
released
xenial
Fixed 56.0+build6-0ubuntu0.16.04.1
released
zesty
Fixed 56.0+build6-0ubuntu0.17.04.1
released
thunderbird
artful
Fixed 1:52.4.0+build1-0ubuntu2
released
bionic
Fixed 1:52.4.0+build1-0ubuntu2
released
trusty
Fixed 1:52.4.0+build1-0ubuntu0.14.04.2
released
xenial
Fixed 1:52.4.0+build1-0ubuntu0.16.04.2
released
zesty
Fixed 1:52.4.0+build1-0ubuntu0.17.04.2
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/101053
http://www.securitytracker.com/id/1039465
https://access.redhat.com/errata/RHSA-2017:2831
https://access.redhat.com/errata/RHSA-2017:2885
https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
https://security.gentoo.org/glsa/201803-14
https://www.debian.org/security/2017/dsa-3987
https://www.debian.org/security/2017/dsa-4014
https://www.mozilla.org/security/advisories/mfsa2017-21/
https://www.mozilla.org/security/advisories/mfsa2017-22/
https://www.mozilla.org/security/advisories/mfsa2017-23/
http://www.securityfocus.com/bid/101053
http://www.securitytracker.com/id/1039465
https://access.redhat.com/errata/RHSA-2017:2831
https://access.redhat.com/errata/RHSA-2017:2885
https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
https://security.gentoo.org/glsa/201803-14
https://www.debian.org/security/2017/dsa-3987
https://www.debian.org/security/2017/dsa-4014
https://www.mozilla.org/security/advisories/mfsa2017-21/
https://www.mozilla.org/security/advisories/mfsa2017-22/
https://www.mozilla.org/security/advisories/mfsa2017-23/