1. Home
  2. Vulnerabilities
  3. CVE-2017-7845

CVE-2017-7845

CVSS v3.0 8.8 (High)
88% Progress
CVSS v2.0 9.3 (High)
93% Progress
EPSS 1.18 % (85th)
1.18% Progress
Affected Products 4
Advisories 4
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2.

Weaknesses
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2018-06-11 21:29:12
(6 years ago)
Updated Date
2018-08-09 16:27:35
(6 years ago)

Affected Products

Microsoft

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 57.0.2 version cpe:2.3:a:mozilla:firefox < 57.0.2
OR  
  Running on/with
  Mozilla Firefox Esr prior 52.5.2 version cpe:2.3:a:mozilla:firefox_esr < 52.5.2
OR  
  Running on/with
  Mozilla Thunderbird prior 52.5.2 version cpe:2.3:a:mozilla:thunderbird < 52.5.2
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows:-