CVE-2017-7845

Description

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2.

References

Link	Tags
https://www.mozilla.org/security/advisories/mfsa2017-28/	vendor advisory
https://www.mozilla.org/security/advisories/mfsa2017-29/	vendor advisory
http://www.securitytracker.com/id/1040123	third party advisory vdb entry
https://www.mozilla.org/security/advisories/mfsa2017-30/	vendor advisory
http://www.securityfocus.com/bid/102115	third party advisory vdb entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1402372	issue tracking permissions required

Frequently Asked Questions

What is the severity of CVE-2017-7845?: CVE-2017-7845 has been scored as a high severity vulnerability.
How to fix CVE-2017-7845?: To fix CVE-2017-7845, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2017-7845 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2017-7845 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2017-7845?: CVE-2017-7845 affects Mozilla Thunderbird, Mozilla Firefox ESR, Mozilla Firefox.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions