Back to search

Debian: CVE-2017-7805: firefox-esr, nss, thunderbird -- security update

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	September 28, 2017	September 30, 2017	February 19, 2019

Description

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

Free InsightVM Trial

References

BID-101059
CVE-2017-7805
DEBIAN-DSA-3987
DEBIAN-DSA-3998
DEBIAN-DSA-4014
REDHAT-RHSA-2017:2832

Solution

debian-upgrade-firefox-esr

Related Vulnerabilities

Oracle Solaris 11: CVE-2017-7823: Vulnerability in Firefox, Thunderbird
CentOS: (CVE-2017-7814) (Multiple Advisories): thunderbird
Gentoo Linux: CVE-2017-7805: Mozilla Thunderbird: Multiple vulnerabilities
Red Hat: CVE-2017-7805: Important: nss security update (RHSA-2017:2832)
Huawei EulerOS: CVE-2017-7805: nss security update
Amazon Linux AMI: CVE-2017-7805: Security patch for nss (ALAS-2017-911)
MFSA2017-22 Firefox: Security vulnerabilities fixed in Firefox ESR 52.4 (CVE-2017-7805)
Alpine Linux: CVE-2017-7814: firefox-esr Multiple vulnerabilities
SUSE: CVE-2017-7814: SUSE Linux Security Advisory
MFSA2017-22 Firefox: Security vulnerabilities fixed in Firefox ESR 52.4 (CVE-2017-7825)
MFSA2017-22 Firefox: Security vulnerabilities fixed in Firefox ESR 52.4 (CVE-2017-7823)
Sun Patch: NSS_NSPR_JSS 3.35 Solaris: NSPR 4.18 / NSS 3.35 / JSS 4.3.2 Mainte
Red Hat: CVE-2017-7823: Critical: firefox security update (Multiple Advisories)
Red Hat: CVE-2017-7814: Critical: firefox security update (Multiple Advisories)
Gentoo Linux: CVE-2017-7814: Mozilla Thunderbird: Multiple vulnerabilities
Gentoo Linux: CVE-2017-7825: Mozilla Thunderbird: Multiple vulnerabilities
Oracle Linux: (CVE-2017-7805) ELSA-2017-2832: nss security update
Oracle Solaris 11: CVE-2017-7805: Vulnerability in Firefox, Netscape Security Services, Thunderbird
Ubuntu: (Multiple Advisories) (CVE-2017-7823): Thunderbird vulnerabilities
FreeBSD: VID-1098A15B-B0F6-42B7-B5C7-8A8646E8BE07 (CVE-2017-7825): mozilla -- multiple vulnerabilities
CentOS: (CVE-2017-7823) (Multiple Advisories): thunderbird
MFSA2017-21 Firefox: Security vulnerabilities fixed in Firefox 56 (CVE-2017-7805)
SUSE: CVE-2017-7823: SUSE Linux Security Advisory
FreeBSD: VID-1098A15B-B0F6-42B7-B5C7-8A8646E8BE07 (CVE-2017-7814): mozilla -- multiple vulnerabilities
Sun Patch: NSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
MFSA2017-23 Thunderbird: Security vulnerabilities fixed in Thunderbird 52.4 (CVE-2017-7805)
MFSA2017-21 Firefox: Security vulnerabilities fixed in Firefox 56 (CVE-2017-7823)
Alpine Linux: CVE-2017-7823: firefox-esr Multiple vulnerabilities
Huawei EulerOS: CVE-2017-7805: nss security update
Oracle Linux: (CVE-2017-7814) (Multiple Advisories): thunderbird security update
Sun Patch: NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2
Oracle Solaris 11: CVE-2017-7825: Vulnerability in Firefox, Thunderbird
Oracle Solaris 11: CVE-2017-7814: Vulnerability in Firefox, Thunderbird
Sun Patch: NSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
MFSA2017-21 Firefox: Security vulnerabilities fixed in Firefox 56 (CVE-2017-7825)
MFSA2017-23 Thunderbird: Security vulnerabilities fixed in Thunderbird 52.4 (CVE-2017-7825)
SUSE: CVE-2017-7805: SUSE Linux Security Advisory
FreeBSD: VID-1098A15B-B0F6-42B7-B5C7-8A8646E8BE07 (CVE-2017-7823): mozilla -- multiple vulnerabilities
MFSA2017-23 Thunderbird: Security vulnerabilities fixed in Thunderbird 52.4 (CVE-2017-7814)
Debian: CVE-2017-7823: firefox-esr, thunderbird -- security update
CentOS: (CVE-2017-7805) CESA-2017:2832: nss
Alpine Linux: CVE-2017-7825: firefox-esr Multiple vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2017-7805): Thunderbird vulnerabilities
Sun Patch: NSS_NSPR_JSS 3.35_x86: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
Debian: CVE-2017-7814: firefox-esr, thunderbird -- security update
FreeBSD: (Multiple Advisories) (CVE-2017-7805): mozilla -- multiple vulnerabilities
Sun Patch: NSS_NSPR_JSS 3.35: NSPR 4.18 / NSS 3.35 / JSS 4.3.2
Ubuntu: (Multiple Advisories) (CVE-2017-7814): Thunderbird vulnerabilities
SUSE: CVE-2017-7825: SUSE Linux Security Advisory
Alpine Linux: CVE-2017-7805: firefox-esr Multiple vulnerabilities
Gentoo Linux: CVE-2017-7823: Mozilla Thunderbird: Multiple vulnerabilities
Sun Patch: NSS_NSPR_JSS 3.35 Solaris_x86: NSPR 4.18 / NSS 3.35 / JSS 4.3.2 Ma
MFSA2017-22 Firefox: Security vulnerabilities fixed in Firefox ESR 52.4 (CVE-2017-7814)
MFSA2017-21 Firefox: Security vulnerabilities fixed in Firefox 56 (CVE-2017-7814)
MFSA2017-23 Thunderbird: Security vulnerabilities fixed in Thunderbird 52.4 (CVE-2017-7823)
Oracle Linux: (CVE-2017-7823) (Multiple Advisories): thunderbird security update

Vulnerability & Exploit Database

Debian: CVE-2017-7805: firefox-esr, nss, thunderbird -- security update

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch:

Quick Cookie Notification

Vulnerability & Exploit Database

Debian: CVE-2017-7805: firefox-esr, nss, thunderbird -- security update

Description

Scan For This Vulnerability

References

Solution

Related Vulnerabilities

Legal

Resources & Help

Connect With Us

Stay in touch: