CVE-2017-7798: Code Injection

First published: Tue Aug 08 2017(Updated: )

The Developer Tools feature suffered from XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case this could allow arbitrary code execution when opening a malicious page with the style editor tool. External Reference: <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798">https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798</a> Acknowledgements: Name: the Mozilla project Upstream: Frederik Braun

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox ESR	<52.3	52.3
	<55	55
	<52.3	52.3
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Redhat Enterprise Linux	=6.0
Redhat Enterprise Linux	=7.0
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.3
Redhat Enterprise Linux Server Aus	=7.4
Redhat Enterprise Linux Server Eus	=7.3
Redhat Enterprise Linux Server Eus	=7.4
Redhat Enterprise Linux Server Eus	=7.5
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Workstation	=7.0
Mozilla Firefox	<55.0
Mozilla Firefox ESR	<52.3.0
debian/firefox		118.0.2-1
debian/firefox-esr		91.12.0esr-1~deb10u1 115.3.1esr-1~deb10u1 102.15.0esr-1~deb11u1 115.3.1esr-1~deb11u1 102.15.1esr-1~deb12u1 115.3.0esr-1~deb12u1 115.3.0esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

collector/security-tracker-debian
agent/type
agent/last-modified-date
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-7798
agent/softwarecombine
agent/weakness
agent/author
agent/severity
agent/event
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/references
agent/tags
agent/description
collector/nvd-index
collector/mitre-cve
source/MITRE
package-manager/debian
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla firefox
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/6.0
version/redhat enterprise linux/7.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.3
version/redhat enterprise linux server eus/7.4
version/redhat enterprise linux server eus/7.5
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0

CVE-2017-7798: Code Injection

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Peer vulnerabilities

Company

Resources

Contact