Your submission was sent successfully! Close

CVE-2017-7828

Published: 15 November 2017

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (57.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (57.0.1+build2-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (57.0+build4-0ubuntu0.16.04.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [57.0+build4-0ubuntu0.14.04.4])
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (52.5.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:52.6.0+build1-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:52.5.0+build1-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:52.5.0+build1-0ubuntu0.14.04.1])