CVE-2017-7752 — Use After Free in Mozilla Firefox
Severity
8.8HIGHNVD
OSV9.8
EPSS
1.0%
top 23.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 14
Description
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages10 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 6.0, 7.0, 7.3, 7.4, 7.5
🔴Vulnerability Details
5GHSA▶
GHSA-2hv4-552m-4mw7: A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled↗2022-05-14
OSV▶
CVE-2017-7752: A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled↗2018-06-11
CVEList▶
CVE-2017-7752: A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled↗2018-06-11