Home

CVE-2017-7818

Description

A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.919

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox ESR (52.4.0)Windows
Update for Mozilla Firefox ESR x64 (52.4.0)Windows
Update for Mozilla Firefox (56.0)Windows
Update for Mozilla Firefox x64 (56.0)Windows
Update for Mozilla Thunderbird (52.4.0)Windows
Update for Mozilla Firefox (56.0.1)Windows
Update for Mozilla Firefox x64 (56.0.1)Windows
Update for Mozilla Firefox ESR (52.4.1)Windows
Update for Mozilla Firefox ESR x64 (52.4.1)Windows
Update for Mozilla Firefox (56.0.2)Windows
Update for Mozilla Firefox x64 (56.0.2)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0.1)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0.2)Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.3.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.3.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 55.0.3Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.3.0Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.4Mac
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3321-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_amd64.debLinux
firefox-esr security update(DSA-3881-1) firefox-esr_52.4.0esr-1~deb8u1_amd64.debLinux
firefox-esr security update(DSA-3987-1) firefox-esr_52.4.0esr-1~deb8u1_i386.debLinux
thunderbird security update(DSA-4014-1) thunderbird_52.4.0-1~deb8u1_i386.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-306451Update for Mozilla Firefox ESR (52.4.0)
PATCH-306454Update for Mozilla Firefox (56.0)
PATCH-306455Update for Mozilla Firefox x64 (56.0)
PATCH-306497Update for Mozilla Firefox (56.0.1)
PATCH-306498Update for Mozilla Firefox x64 (56.0.1)
PATCH-306503Update for Mozilla Firefox ESR (52.4.1)
PATCH-306578Update for Mozilla Firefox (56.0.2)
PATCH-306579Update for Mozilla Firefox x64 (56.0.2)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234