CVE-2017-7753

Description

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Risk Information

Base Score

9.1

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score

Exploitation Probability

1.721

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox ESR (52.3.0)	Windows
Update for Mozilla Firefox ESR x64 (52.3.0)	Windows
Update for Mozilla Firefox (55.0)	Windows
Update for Mozilla Firefox x64 (55.0)	Windows
Update for Mozilla Firefox (55.0.1)	Windows
Update for Mozilla Firefox x64 (55.0.1)	Windows
Update for Mozilla Firefox (55.0.2)	Windows
Update for Mozilla Firefox x64 (55.0.2)	Windows
Update for Mozilla Thunderbird (52.3.0)	Windows
Update for Mozilla Firefox (55.0.3)	Windows
Update for Mozilla Firefox x64 (55.0.3)	Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0.2)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0.3)	Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.2.1	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.2.1	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 54.0.1	Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.2.1	Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.3	Mac
Ubuntu Firefox specific configuration defaults and apt support (USN-2458-2) xul-ext-ubufox_3.4-0ubuntu0.14.04.1_all.deb	Linux
Mozilla Open Source web browser (USN-3391-1) firefox_55.0.1+build2-0ubuntu0.14.04.2_i386.deb	Linux
Mozilla Open Source web browser (USN-3391-3) firefox_55.0.2+build1-0ubuntu0.14.04.1_i386.deb	Linux
Icedove 1:45.8.0-3 for Debian GNU/Linux 9 (Stretch) icedove_45.8.0-3_all.deb	Linux
firefox-esr security update(DSA-3928-1) firefox-esr_45.9.0esr-1_i386.deb	Linux
firefox-esr security update(DSA-3928-1) firefox-esr_52.3.0esr-1~deb8u1_i386.deb	Linux
SUSE-SU-2017:2302-1(SUSE Linux Enterprise Server 11-SP4 ) MozillaFirefox-branding-SLED-52-24.5.1.x86_64.rpm	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-306195	Update for Mozilla Firefox ESR (52.3.0)
PATCH-306197	Update for Mozilla Firefox (55.0)
PATCH-306198	Update for Mozilla Firefox x64 (55.0)
PATCH-306230	Update for Mozilla Firefox (55.0.1)
PATCH-306231	Update for Mozilla Firefox x64 (55.0.1)
PATCH-306259	Update for Mozilla Firefox (55.0.2)
PATCH-306260	Update for Mozilla Firefox x64 (55.0.2)
PATCH-306311	Update for Mozilla Firefox (55.0.3)
PATCH-306312	Update for Mozilla Firefox x64 (55.0.3)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611807	Mozilla Thunderbird For Mac (142.0)
PATCH-612783	Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234