The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100234 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039124 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1372849 | Issue Tracking Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-18/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-19/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-20/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-04-12T00:00:00
Link: CVE-2017-7804
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:09.983
Modified: 2018-08-06T16:27:10.237
Link: CVE-2017-7804
JSON object: View
Redhat Information
No data.
CWE