CVE-2017-7782 — Improper Privilege Management in Mozilla Firefox

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.5%

top 33.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird +2 more

Timeline

PublishedJun 11

Latest updateMay 13

Description

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages7 packages

▶CVEListV5mozilla/firefoxunspecified — 55

▶NVDmozilla/firefox< 52.3.0+1

▶CVEListV5mozilla/firefox_esrunspecified — 52.3

▶debiandebian/firefox

▶debiandebian/firefox-esr

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-jp88-jrm3-mr7m: An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections↗2022-05-13

▶

📋Vendor Advisories

Debian

CVE-2017-7782: firefox - An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k ...↗2017

▶