CVE-2017-7804
HIGH
Firefox < 55 and Thunderbird < 52.3 - Memory Protection Bypass via WindowsDllDetourPatcher Destructor
Description
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code, in concert with another vulnerability, to write arbitrary data to an attacker-controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
References (6)
Core References
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-19/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-20/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-18/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100234
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039124
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1372849
Scores
CVSS v3
7.5
EPSS
0.0069
EPSS Percentile
72.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
mozilla/firefox
< 52.3.0
mozilla/thunderbird
< 52.3.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026