CVE-2017-7824

CVSS v3.0 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 2.81 % (91^th)

Affected Products 9

Advisories 20

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2018-06-11 21:29:11
(6 years ago)
Updated Date: 2018-08-09 16:25:56
(6 years ago)

Affected Products

Debian

Debian Linux

Mozilla

Redhat

Configuration #1

		CPE23	From	Up To
	Redhat Enterprise Linux Aus 7.4	cpe:2.3:o:redhat:enterprise_linux_aus:7.4
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Eus 7.4	cpe:2.3:o:redhat:enterprise_linux_eus:7.4
	Redhat Enterprise Linux Eus 7.5	cpe:2.3:o:redhat:enterprise_linux_eus:7.5
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #2

		CPE23	From	Up To
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #3

	CPE23	Up To
Mozilla Firefox prior 56.0 version	cpe:2.3:a:mozilla:firefox	< 56.0
Mozilla Firefox Esr prior 52.4.0 version	cpe:2.3:a:mozilla:firefox_esr	< 52.4.0
Mozilla Thunderbird prior 52.4.0 version	cpe:2.3:a:mozilla:thunderbird	< 52.4.0