CVE-2017-7798: Code Injection
First published: Tue Aug 08 2017(Updated: )
The Developer Tools feature suffered from XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case this could allow arbitrary code execution when opening a malicious page with the style editor tool. External Reference: <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798">https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798</a> Acknowledgements: Name: the Mozilla project Upstream: Frederik Braun
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/firefox | 118.0.2-1 | |
| debian/firefox-esr | 91.12.0esr-1~deb10u1 115.3.1esr-1~deb10u1 102.15.0esr-1~deb11u1 115.3.1esr-1~deb11u1 102.15.1esr-1~deb12u1 115.3.0esr-1~deb12u1 115.3.0esr-1 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Firefox | <55.0 | |
| Firefox ESR | <52.3.0 | |
| Firefox ESR | <52.3 | 52.3 |
| Firefox | <55 | 55 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2017-7798
- http://www.securityfocus.com/bid/100198
- http://www.securitytracker.com/id/1039124
- https://access.redhat.com/errata/RHSA-2017:2456
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1371586%2C1372112
- https://www.debian.org/security/2017/dsa-3928
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798
- https://bugzilla.redhat.com/show_bug.cgi?id=1479213
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-7798
- CVE-2017-7800
- CVE-2017-7801
- CVE-2017-7809
- CVE-2017-7784
- CVE-2017-7802
- CVE-2017-7785
- CVE-2017-7786
- CVE-2017-7753
- CVE-2017-7787
- CVE-2017-7807
- CVE-2017-7792
- CVE-2017-7804
- CVE-2017-7791
- CVE-2017-7782
- CVE-2017-7803
- CVE-2017-7779
- CVE-2017-7806
- CVE-2017-7808
- CVE-2017-7781
- CVE-2017-7794
- CVE-2017-7799
- CVE-2017-7783
- CVE-2017-7788
- CVE-2017-7789
- CVE-2017-7790
- CVE-2017-7796
- CVE-2017-7797
- CVE-2017-7780
Frequently Asked Questions
What is the severity of CVE-2017-7798?
CVE-2017-7798 has a moderate severity rating due to the potential for arbitrary code execution.
How do I fix CVE-2017-7798?
To fix CVE-2017-7798, update Firefox or Firefox ESR to the latest version available.
Which versions of Firefox are affected by CVE-2017-7798?
CVE-2017-7798 affects Firefox versions up to 55 and Firefox ESR versions up to 52.3.
Can CVE-2017-7798 be exploited remotely?
Yes, CVE-2017-7798 can be exploited remotely by visiting a malicious web page that utilizes the style editor tool.
What type of vulnerability is CVE-2017-7798?
CVE-2017-7798 is a XUL injection vulnerability caused by improper sanitization of web page source code.
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7798
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- package-manager/debian
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0
- vendor/mozilla
- canonical/firefox
- canonical/firefox esr