CVE-2017-7828
Published: 15 November 2017
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Priority
Medium
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
Upstream |
Released
(57.0)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(57.0.1+build2-0ubuntu1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(57.0+build4-0ubuntu0.16.04.5)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [57.0+build4-0ubuntu0.14.04.4])
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
Upstream |
Released
(52.5.0)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(1:52.6.0+build1-0ubuntu1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(1:52.5.0+build1-0ubuntu0.16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [1:52.5.0+build1-0ubuntu0.14.04.1])
|