CVE-2017-7824
CRITICALRedhat Enterprise Linux Aus < 52.4.0 - Memory Corruption
Title source: ruleDescription
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
References (12)
Core 12
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-22/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039465
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2831
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2885
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-21/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-4014
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101053
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-23/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-3987
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201803-14
Scores
CVSS v3
9.8
EPSS
0.1206
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (14)
debian/debian_linux
7.0
debian/debian_linux
8.0
debian/debian_linux
9.0
mozilla/firefox
< 52.4.0
mozilla/thunderbird
< 52.4.0
redhat/enterprise_linux_aus
7.4
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_eus
7.4
redhat/enterprise_linux_eus
7.5
... and 4 more
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026