Vulnerability CVE-2017-7826: Information

Description

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-7826

Published: June 12, 2018

Modified: Aug. 1, 2018

Error type identifier: CWE-119

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	57.0.1-alt1	127.0-alt1	ALT-PU-2017-2739-1	195790	Fixed
firefox	p10	57.0.1-alt1	118.0.2-alt0.p10.1	ALT-PU-2017-2739-1	195790	Fixed
firefox	p9	57.0.1-alt1	105.0.1-alt0.c9.1	ALT-PU-2017-2739-1	195790	Fixed
firefox	p8	57.0.1-alt0.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2017-2773-1	195836	Fixed
firefox	c10f1	57.0.1-alt1	112.0.2-alt0.p10.1	ALT-PU-2017-2739-1	195790	Fixed
firefox	c9f2	57.0.1-alt1	105.0.1-alt0.c9.1	ALT-PU-2017-2739-1	195790	Fixed
firefox	c7	52.5.3-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2018-1225-1	200642	Fixed
firefox	p11	57.0.1-alt1	126.0.1-alt1	ALT-PU-2017-2739-1	195790	Fixed
firefox-esr	sisyphus	52.5.0-alt1	115.11.0-alt1	ALT-PU-2017-2652-1	194705	Fixed
firefox-esr	p10	52.5.0-alt1	115.11.0-alt1	ALT-PU-2017-2652-1	194705	Fixed
firefox-esr	p9	52.5.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-2652-1	194705	Fixed
firefox-esr	p8	52.5.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2017-2654-1	194724	Fixed
firefox-esr	c10f1	52.5.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2017-2652-1	194705	Fixed
firefox-esr	c9f2	52.5.0-alt1	102.12.0-alt0.c9.1	ALT-PU-2017-2652-1	194705	Fixed
firefox-esr	p11	52.5.0-alt1	115.11.0-alt1	ALT-PU-2017-2652-1	194705	Fixed
thunderbird	sisyphus	52.5.0-alt1	115.9.0-alt1	ALT-PU-2017-2703-1	195328	Fixed
thunderbird	p10	52.5.0-alt1	115.9.0-alt1	ALT-PU-2017-2703-1	195328	Fixed
thunderbird	p9	52.5.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-2703-1	195328	Fixed
thunderbird	p8	52.5.0-alt0.M80P.1	60.8.0-alt0.M80P.1	ALT-PU-2017-2705-1	195473	Fixed
thunderbird	c10f1	52.5.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2017-2703-1	195328	Fixed
thunderbird	c9f2	52.5.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-2703-1	195328	Fixed
thunderbird	c7	60.8.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-2345-1	234994	Fixed
thunderbird	p11	52.5.0-alt1	115.9.0-alt1	ALT-PU-2017-2703-1	195328	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2017-26/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-25/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-24/	Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804	Issue Tracking Permissions Required Third Party Advisory
DSA-4075	Third Party Advisory
DSA-4061	Third Party Advisory
DSA-4035	Third Party Advisory
[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update	Third Party Advisory
[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update	Third Party Advisory
RHSA-2017:3372	Third Party Advisory
RHSA-2017:3247	Third Party Advisory
1039803	Third Party Advisory VDB Entry
101832	Third Party Advisory VDB Entry
USN-3688-1	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  
  Configuration 4
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  57.0
  
  Configuration 5
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  52.5.0
  
  Configuration 6
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  52.5.0

Version: v24.5.3

Vulnerability CVE-2017-7826: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6