CVE-2017-7824
Published: 2 October 2017
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
upstream |
Released
(56.0)
|
| xenial |
Released
(56.0+build6-0ubuntu0.16.04.1)
|
|
| zesty |
Released
(56.0+build6-0ubuntu0.17.04.1)
|
|
| artful |
Released
(56.0+build6-0ubuntu1)
|
|
| bionic |
Released
(56.0+build6-0ubuntu1)
|
|
| trusty |
Released
(56.0+build6-0ubuntu0.14.04.1)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
upstream |
Released
(52.4.0)
|
| xenial |
Released
(1:52.4.0+build1-0ubuntu0.16.04.2)
|
|
| zesty |
Released
(1:52.4.0+build1-0ubuntu0.17.04.2)
|
|
| artful |
Released
(1:52.4.0+build1-0ubuntu2)
|
|
| bionic |
Released
(1:52.4.0+build1-0ubuntu2)
|
|
| trusty |
Released
(1:52.4.0+build1-0ubuntu0.14.04.2)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |