First published: Tue Aug 08 2017
The Developer Tools feature suffered from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case this could allow arbitrary code execution when opening a malicious page with the style editor tool.
External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798
Acknowledgements:
Name: the Mozilla project
Upstream: Frederik Braun
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/firefox | 118.0.2-1 | |
debian/firefox-esr | 91.12.0esr-1~deb10u1 115.3.1esr-1~deb10u1 102.15.0esr-1~deb11u1 115.3.1esr-1~deb11u1 102.15.1esr-1~deb12u1 115.3.0esr-1~deb12u1 115.3.0esr-1 | |
Debian | =8.0 | |
Debian | =9.0 | |
Red Hat Enterprise Linux | =6.0 | |
Red Hat Enterprise Linux | =7.0 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Desktop | =7.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Server | =7.0 | |
Red Hat Enterprise Linux Server | =7.3 | |
Red Hat Enterprise Linux Server | =7.4 | |
Red Hat Enterprise Linux Server | =7.5 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
Red Hat Enterprise Linux Workstation | =7.0 | |
Firefox | <55.0 | |
Firefox ESR | <52.3.0 | |
Firefox ESR | <52.3 | 52.3 |
Firefox | <55 | 55 |
CVE-2017-7798 has a moderate severity rating due to the potential for arbitrary code execution.
To fix CVE-2017-7798, update Firefox or Firefox ESR to the latest version available.
CVE-2017-7798 affects Firefox versions before 55 and Firefox ESR versions before 52.3.
Yes, CVE-2017-7798 can be exploited remotely when a user opens a malicious web page with the style editor tool.
CVE-2017-7798 is a XUL injection vulnerability caused by improper sanitization of web page source code.