CVE-2017-7754Out-of-bounds Read in Mozilla Firefox

CWE-125Out-of-bounds Read11 documents8 sources
Severity
7.5HIGHNVD
OSV9.8
EPSS
1.4%
top 19.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+7 more
Timeline
PublishedJun 11
Latest updateMay 14

Description

An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

CVEListV5mozilla/firefoxunspecified54
NVDmozilla/firefox< 54.0+1
CVEListV5mozilla/firefox_esrunspecified52.2
Ubuntumozilla/firefox< 54.0+build3-0ubuntu0.14.04.1+1
CVEListV5mozilla/thunderbirdunspecified52.2

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 6.0, 7.0, 7.3, 7.4, 7.5

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

5
GHSA
GHSA-q9cr-635r-8rc3: An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations2022-05-14
CVEList
CVE-2017-7754: An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations2018-06-11
OSV
CVE-2017-7754: An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations2018-06-11
OSV
thunderbird vulnerabilities2017-07-05
OSV
firefox vulnerabilities2017-06-15

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2017-07-05
Ubuntu
Firefox vulnerabilities2017-06-15
Red Hat
Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)2017-06-14
Debian
CVE-2017-7754: firefox - An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object dur...2017

💬Community

1
Bugzilla
CVE-2017-7754 Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)2017-06-14
CVE-2017-7754 — Out-of-bounds Read in Mozilla Firefox | cvebase