CVE-2017-7790

Description

On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.276

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox (55.0)	Windows
Update for Mozilla Firefox x64 (55.0)	Windows
Update for Mozilla Firefox (55.0.1)	Windows
Update for Mozilla Firefox x64 (55.0.1)	Windows
Update for Mozilla Firefox (55.0.2)	Windows
Update for Mozilla Firefox x64 (55.0.2)	Windows
Update for Mozilla Firefox (55.0.3)	Windows
Update for Mozilla Firefox x64 (55.0.3)	Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0.2)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (55.0.3)	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-306197	Update for Mozilla Firefox (55.0)
PATCH-306198	Update for Mozilla Firefox x64 (55.0)
PATCH-306230	Update for Mozilla Firefox (55.0.1)
PATCH-306231	Update for Mozilla Firefox x64 (55.0.1)
PATCH-306259	Update for Mozilla Firefox (55.0.2)
PATCH-306260	Update for Mozilla Firefox x64 (55.0.2)
PATCH-306311	Update for Mozilla Firefox (55.0.3)
PATCH-306312	Update for Mozilla Firefox x64 (55.0.3)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234