CVE-2017-7804: Input Validation
First published: Tue Aug 08 2017(Updated: )
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | <52.3 | 52.3 |
| Firefox | <55.0 | |
| Firefox ESR | <52.3.0 | |
| Thunderbird | <52.3.0 | |
| Microsoft Windows | ||
| Firefox | <55 | 55 |
| Firefox ESR | <52.3 | 52.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1372849
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/
- http://www.securityfocus.com/bid/100234
- http://www.securitytracker.com/id/1039124
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-20/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-7800
- CVE-2017-7801
- CVE-2017-7809
- CVE-2017-7784
- CVE-2017-7802
- CVE-2017-7785
- CVE-2017-7786
- CVE-2017-7753
- CVE-2017-7787
- CVE-2017-7807
- CVE-2017-7792
- CVE-2017-7804
- CVE-2017-7791
- CVE-2017-7782
- CVE-2017-7803
- CVE-2017-7779
- CVE-2017-7798
- CVE-2017-7806
- CVE-2017-7808
- CVE-2017-7781
- CVE-2017-7794
- CVE-2017-7799
- CVE-2017-7783
- CVE-2017-7788
- CVE-2017-7789
- CVE-2017-7790
- CVE-2017-7796
- CVE-2017-7797
- CVE-2017-7780
Frequently Asked Questions
What is the severity of CVE-2017-7804?
CVE-2017-7804 has been classified as a high severity vulnerability due to its potential to allow arbitrary data writes.
How do I fix CVE-2017-7804?
To address CVE-2017-7804, users should update to Mozilla Firefox version 55 or later, or updated versions of Firefox ESR and Thunderbird.
What software is affected by CVE-2017-7804?
CVE-2017-7804 impacts Mozilla Firefox versions up to 55, Firefox ESR up to 52.3, and Thunderbird up to 52.3.
Can CVE-2017-7804 be exploited remotely?
Yes, CVE-2017-7804 can potentially be exploited remotely if the attacker tricks the victim into opening a malicious document or visiting a compromised website.
What types of attacks can CVE-2017-7804 enable?
CVE-2017-7804 can enable attacks that bypass existing memory protections, leading to arbitrary code execution in vulnerable systems.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- collector/nvd-index
- source/Mozilla
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- vendor/mozilla
- canonical/thunderbird
- canonical/firefox
- canonical/firefox esr
- vendor/microsoft
- canonical/microsoft windows