Home

CVE-2017-7805

Description

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.851

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox ESR (52.4.0)Windows
Update for Mozilla Firefox ESR x64 (52.4.0)Windows
Update for Mozilla Firefox (56.0)Windows
Update for Mozilla Firefox x64 (56.0)Windows
Update for Mozilla Thunderbird (52.4.0)Windows
Update for Mozilla Firefox (56.0.1)Windows
Update for Mozilla Firefox x64 (56.0.1)Windows
Update for Mozilla Firefox ESR (52.4.1)Windows
Update for Mozilla Firefox ESR x64 (52.4.1)Windows
Update for Mozilla Firefox (56.0.2)Windows
Update for Mozilla Firefox x64 (56.0.2)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0.1)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0.2)Mac
Vulnerabilities CVE-2017-7805 are affected in Firefox ESR for Mac 52.4.0Mac
Vulnerabilities CVE-2017-7805 are affected in Mozilla Firefox for Mac 52.4.0Mac
Vulnerabilities CVE-2017-7805 are affected in Mozilla Firefox for Mac 56.0Mac
Vulnerabilities CVE-2017-7805,CVE-2017-7826,CVE-2017-7828,CVE-2017-7830 are affected in Mozilla Thunderbird for Mac 52.4.0Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.4Mac
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_amd64.debLinux
Libnss3 3.28.4-0ubuntu0.14.04.1 for Ubuntu 14.04 LTS (x64) libnss3_3.28.4-0ubuntu0.14.04.3_amd64.debLinux
Libnss3 3.28.4-0ubuntu0.14.04.1 for Ubuntu 14.04 LTS libnss3_3.28.4-0ubuntu0.14.04.3_i386.debLinux
Libnss3 3.28.4-0ubuntu0.16.04.1 for Ubuntu 16.04 LTS (x64) libnss3_3.28.4-0ubuntu0.16.04.3_amd64.debLinux
Libnss3 3.28.4-0ubuntu0.16.04.1 for Ubuntu 16.04 LTS libnss3_3.28.4-0ubuntu0.16.04.3_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3321-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_i386.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.17.04.3_i386.debLinux
Network Security Service library (USN-3431-1) libnss3_3.28.4-0ubuntu0.17.04.3_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_amd64.debLinux
firefox-esr security update(DSA-3881-1) firefox-esr_52.4.0esr-1~deb8u1_amd64.debLinux
firefox-esr security update(DSA-3987-1) firefox-esr_52.4.0esr-1~deb8u1_i386.debLinux
thunderbird security update(DSA-4014-1) thunderbird_52.4.0-1~deb8u1_i386.debLinux
(RHSA-2017:2832) Important: nss security update nss-3.28.4-12.el7_4.i686.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-3.28.4-12.el7_4.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-3.28.4-4.el6_9.i686.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-3.28.4-4.el6_9.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-devel-3.28.4-12.el7_4.i686.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-devel-3.28.4-12.el7_4.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-devel-3.28.4-4.el6_9.i686.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-devel-3.28.4-4.el6_9.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-pkcs11-devel-3.28.4-12.el7_4.i686.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-pkcs11-devel-3.28.4-12.el7_4.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-pkcs11-devel-3.28.4-4.el6_9.i686.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-pkcs11-devel-3.28.4-4.el6_9.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-sysinit-3.28.4-12.el7_4.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-sysinit-3.28.4-4.el6_9.i686.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-sysinit-3.28.4-4.el6_9.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-tools-3.28.4-12.el7_4.x86_64.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-tools-3.28.4-4.el6_9.i686.rpmLinux
(RHSA-2017:2832) Important: nss security update nss-tools-3.28.4-4.el6_9.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libfreebl3-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libfreebl3-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libfreebl3-debuginfo-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libfreebl3-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Server 12-SP2 ) libfreebl3-hmac-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Server 12-SP2 ) libfreebl3-hmac-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoftokn3-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoftokn3-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoftokn3-debuginfo-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoftokn3-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Server 12-SP2 ) libsoftokn3-hmac-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Server 12-SP2 ) libsoftokn3-hmac-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-certs-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-certs-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-certs-debuginfo-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-debuginfo-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-debugsource-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-sysinit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-sysinit-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-tools-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-tools-debuginfo-3.29.5-58.3.1.x86_64.rpmLinux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) libfreebl3-3.29.5-47.6.1.x86_64.rpmLinux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) libfreebl3-32bit-3.29.5-47.6.1.x86_64.rpmLinux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) libsoftokn3-3.29.5-47.6.1.x86_64.rpmLinux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) libsoftokn3-32bit-3.29.5-47.6.1.x86_64.rpmLinux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) mozilla-nss-3.29.5-47.6.1.x86_64.rpmLinux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) mozilla-nss-32bit-3.29.5-47.6.1.x86_64.rpmLinux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) mozilla-nss-tools-3.29.5-47.6.1.x86_64.rpmLinux
Use After Free Vulnerability (CVE-2017-7805)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-306451Update for Mozilla Firefox ESR (52.4.0)
PATCH-306454Update for Mozilla Firefox (56.0)
PATCH-306455Update for Mozilla Firefox x64 (56.0)
PATCH-306497Update for Mozilla Firefox (56.0.1)
PATCH-306498Update for Mozilla Firefox x64 (56.0.1)
PATCH-306503Update for Mozilla Firefox ESR (52.4.1)
PATCH-306578Update for Mozilla Firefox (56.0.2)
PATCH-306579Update for Mozilla Firefox x64 (56.0.2)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234