Description

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

References

• BID-101053
• CVE-2017-7824
• DEBIAN-DSA-3987
• DEBIAN-DSA-4014
• REDHAT-RHSA-2017:2831
• REDHAT-RHSA-2017:2885
• URL: http://www.mozilla.org/security/announce/2017/mfsa2017-23.html

Solution

Related Vulnerabilities

• Alpine Linux: CVE-2017-7824: firefox-esr Multiple vulnerabilities
• Red Hat: CVE-2017-7824: Critical: firefox security update (Multiple Advisories)
• SUSE: CVE-2017-7824: SUSE Linux Security Advisory
• FreeBSD: VID-1098A15B-B0F6-42B7-B5C7-8A8646E8BE07 (CVE-2017-7824): mozilla -- multiple vulnerabilities
• Ubuntu: (Multiple Advisories) (CVE-2017-7824): Thunderbird vulnerabilities
• CentOS: (CVE-2017-7824) (Multiple Advisories): thunderbird
• Oracle Linux: (CVE-2017-7824) (Multiple Advisories): thunderbird security update
• Oracle Solaris 11: CVE-2017-7824: Vulnerability in Firefox, Thunderbird
• MFSA2017-21 Firefox: Security vulnerabilities fixed in Firefox 56 (CVE-2017-7824)
• Debian: CVE-2017-7824: thunderbird -- security update
• MFSA2017-22 Firefox: Security vulnerabilities fixed in Firefox ESR 52.4 (CVE-2017-7824)
• Gentoo Linux: CVE-2017-7824: Mozilla Thunderbird: Multiple vulnerabilities