1. Home
  2. Vulnerabilities
  3. CVE-2017-7804

CVE-2017-7804

CVSS v3.0 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.31 % (71th)
0.31% Progress
Affected Products 4
Advisories 7
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2018-06-11 21:29:09
(6 years ago)
Updated Date
2018-08-06 16:27:10
(6 years ago)

Affected Products

Microsoft

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 55.0 version cpe:2.3:a:mozilla:firefox < 55.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 52.3.0 version cpe:2.3:a:mozilla:firefox_esr < 52.3.0
OR  
  Running on/with
  Mozilla Thunderbird prior 52.3.0 version cpe:2.3:a:mozilla:thunderbird < 52.3.0
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows:-