Published: 11/06/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla thunderbird
mozilla firefox_esr
mozilla firefox

Mozilla Foundation Security Advisory 2017-19 Security vulnerabilities fixed in Firefox ESR 523 Announced August 8, 2017 Impact critical Products Firefox ESR Fixed in Firefox ESR 523 ...

Mozilla Foundation Security Advisory 2017-18 Security vulnerabilities fixed in Firefox 55 Announced August 8, 2017 Impact critical Products Firefox Fixed in Firefox 55 ...

Mozilla Foundation Security Advisory 2017-20 Security vulnerabilities fixed in Thunderbird 523 Announced August 18, 2017 Impact critical Products Thunderbird Fixed in Thunderbird 523 ...

CWE-269 https://www.mozilla.org/security/advisories/mfsa2017-20/https://www.mozilla.org/security/advisories/mfsa2017-19/https://www.mozilla.org/security/advisories/mfsa2017-18/https://bugzilla.mozilla.org/show_bug.cgi?id=1344034 http://www.securitytracker.com/id/1039124 http://www.securityfocus.com/bid/100243 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/

CVE-2017-7782

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect