CVE-2017-7767
First published: Tue Jun 13 2017(Updated: )
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <54.0 | |
| Firefox ESR | <52.2.0 | |
| Microsoft Windows | ||
| Firefox | <54 | 54 |
| Firefox ESR | <52.2 | 52.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1336964
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
- http://www.securityfocus.com/bid/99057
- http://www.securitytracker.com/id/1038689
- https://www.mozilla.org/security/advisories/mfsa2017-15/
- https://www.mozilla.org/security/advisories/mfsa2017-16/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-5472
- CVE-2017-7749
- CVE-2017-7750
- CVE-2017-7751
- CVE-2017-7752
- CVE-2017-7754
- CVE-2017-7755
- CVE-2017-7756
- CVE-2017-7757
- CVE-2017-7778
- CVE-2017-7758
- CVE-2017-7759
- CVE-2017-7760
- CVE-2017-7761
- CVE-2017-7762
- CVE-2017-7763
- CVE-2017-7764
- CVE-2017-7765
- CVE-2017-7766
- CVE-2017-7767
- CVE-2017-7768
- CVE-2017-7770
- CVE-2017-5471
- CVE-2017-5470
Frequently Asked Questions
What is the severity of CVE-2017-7767?
CVE-2017-7767 has a medium severity rating as it allows unprivileged users to overwrite arbitrary files.
How do I fix CVE-2017-7767?
To fix CVE-2017-7767, upgrade to Firefox ESR version 52.3 or later, or Firefox version 54.0 or later.
Which versions of Firefox are affected by CVE-2017-7767?
CVE-2017-7767 affects Firefox ESR up to version 52.2 and Firefox up to version 54.
Is CVE-2017-7767 a remote attack vulnerability?
No, CVE-2017-7767 requires local system access to exploit the vulnerability.
What platforms are vulnerable to CVE-2017-7767?
CVE-2017-7767 only affects the Windows platform.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/firefox
- canonical/firefox esr
- vendor/microsoft
- canonical/microsoft windows