CVE-2017-7828

Description

A use-after-free vulnerability can occur when flushing and resizing layout because the PresShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 28.905

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Update for Mozilla Firefox (57.0) | Windows |
| Update for Mozilla Firefox x64 (57.0) | Windows |
| Update for Mozilla Firefox ESR (52.5.0) | Windows |
| Update for Mozilla Firefox ESR x64 (52.5.0) | Windows |
| Update for Mozilla Thunderbird (52.5.0) | Windows |
| Update for Mozilla Firefox (57.0.1) | Windows |
| Update for Mozilla Firefox x64 (57.0.1) | Windows |
| Update for Mozilla Firefox ESR (52.5.1) | Windows |
| Update for Mozilla Firefox ESR x64 (52.5.1) | Windows |
| Update for Mozilla Firefox (57.0.2) | Windows |
| Update for Mozilla Firefox x64 (57.0.2) | Windows |
| Update for Mozilla Firefox ESR (52.5.2) | Windows |
| Update for Mozilla Firefox ESR x64 (52.5.2) | Windows |
| Updates for Mozilla Thunderbird (52.5.2) | Windows |
| Update for Mozilla Firefox (57.0.3) | Windows |
| Update for Mozilla Firefox x64 (57.0.3) | Windows |
| Update for Mozilla Firefox ESR (52.5.3) | Windows |
| Update for Mozilla Firefox ESR x64 (52.5.3) | Windows |
| Updates for Mozilla Firefox (57.0.4) | Windows |
| Updates for Mozilla Firefox (x64) (57.0.4) | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0.1) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0.2) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0.3) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0.4) | Mac |
| Vulnerabilities CVE-2017-7828,CVE-2017-7830,CVE-2017-7826 are fixed in Update for Mozilla Thunderbird For Mac (52.5.0) | Mac |
| Vulnerabilities CVE-2017-7828,CVE-2017-7830,CVE-2017-7826 are fixed in Update for Mozilla Thunderbird For Mac (52.5.2) | Mac |
| Vulnerabilities CVE-2017-7805,CVE-2017-7826,CVE-2017-7828,CVE-2017-7830 are affected in Mozilla Thunderbird for Mac 52.4.0 | Mac |
| Vulnerabilities CVE-2017-7826,CVE-2017-7828,CVE-2017-7830 are affected in Firefox ESR for Mac 52.4.1 | Mac |
| Vulnerabilities CVE-2017-7826,CVE-2017-7828,CVE-2017-7830 are affected in Mozilla Firefox for Mac 52.4.1 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 56.0.2 | Mac |
| Vulnerabilities CVE-2017-7828,CVE-2017-7830,CVE-2017-7826 are fixed in Mozilla Firefox For Mac 52.5 | Mac |
| Mozilla Open Source web browser (USN-3435-2) firefox_57.0+build4-0ubuntu0.17.04.5_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3435-2) firefox_57.0+build4-0ubuntu0.17.04.5_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3477-1) firefox_57.0+build4-0ubuntu0.17.04.5_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3477-1) firefox_57.0+build4-0ubuntu0.17.04.5_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3477-1) firefox_57.0+build4-0ubuntu0.17.10.5_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3477-1) firefox_57.0+build4-0ubuntu0.17.10.5_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3490-1) thunderbird_52.5.0+build1-0ubuntu0.14.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3490-1) thunderbird_52.5.0+build1-0ubuntu0.14.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3490-1) thunderbird_52.5.0+build1-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3490-1) thunderbird_52.5.0+build1-0ubuntu0.16.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3490-1) thunderbird_52.5.0+build1-0ubuntu0.17.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3490-1) thunderbird_52.5.0+build1-0ubuntu0.17.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3490-1) thunderbird_52.5.0+build1-0ubuntu0.17.10.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3490-1) thunderbird_52.5.0+build1-0ubuntu0.17.10.1_amd64.deb | Linux |
| firefox-esr security update(DSA-4035-1) firefox-esr_52.5.0esr-1~deb8u1_i386.deb | Linux |
| firefox-esr security update(DSA-4035-1) firefox-esr_52.5.0esr-1~deb8u1_amd64.deb | Linux |
| firefox-esr security update(DSA-4035-1) firefox-esr_52.5.0esr-1~deb9u1_i386.deb | Linux |
| firefox-esr security update(DSA-4035-1) firefox-esr_52.5.0esr-1~deb9u1_amd64.deb | Linux |
| thunderbird security update(DSA-4061-1) thunderbird_52.5.0-1~deb8u1_i386.deb | Linux |
| thunderbird security update(DSA-4061-1) thunderbird_52.5.0-1~deb8u1_amd64.deb | Linux |
| thunderbird security update(DSA-4061-1) thunderbird_52.5.0-1~deb9u1_i386.deb | Linux |
| thunderbird security update(DSA-4061-1) thunderbird_52.5.0-1~deb9u1_amd64.deb | Linux |
| thunderbird security update(DSA-4075-1) thunderbird_52.5.2-2~deb8u1_i386.deb | Linux |
| thunderbird security update(DSA-4075-1) thunderbird_52.5.2-2~deb8u1_amd64.deb | Linux |
| thunderbird security update(DSA-4075-1) thunderbird_52.5.2-2~deb9u1_i386.deb | Linux |
| thunderbird security update(DSA-4075-1) thunderbird_52.5.2-2~deb9u1_amd64.deb | Linux |

Patch Details

Patches provided by ManageEngine for this CVE:

| Patch ID | Patch Description |
| --- | --- |
| PATCH-306662 | Update for Mozilla Firefox (57.0) |
| PATCH-306663 | Update for Mozilla Firefox x64 (57.0) |
| PATCH-306737 | Update for Mozilla Firefox (57.0.1) |
| PATCH-306738 | Update for Mozilla Firefox x64 (57.0.1) |
| PATCH-306798 | Update for Mozilla Firefox (57.0.2) |
| PATCH-306799 | Update for Mozilla Firefox x64 (57.0.2) |
| PATCH-306880 | Updates for Mozilla Thunderbird (52.5.2) |
| PATCH-306903 | Update for Mozilla Firefox (57.0.3) |
| PATCH-306904 | Update for Mozilla Firefox x64 (57.0.3) |
| PATCH-306934 | Updates for Mozilla Firefox (57.0.4) |
| PATCH-306937 | Updates for Mozilla Firefox (x64) (57.0.4) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-612783 | Mozilla Firefox For Mac (145.0.1) |

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234