CVE-2017-7824

high-risk
Published 2018-06-11

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Do I need to act?

!
12.1% chance of exploitation in next 30 days
EPSS score — higher than 88% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (14)

Affected Vendors

Debian Redhat Mozilla

References (24)

Third Party Advisory http://www.securityfocus.com/bid/101053
Third Party Advisory http://www.securitytracker.com/id/1039465
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2831
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2885
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
Mailing List https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
Third Party Advisory https://security.gentoo.org/glsa/201803-14
Third Party Advisory https://www.debian.org/security/2017/dsa-3987
Third Party Advisory https://www.debian.org/security/2017/dsa-4014
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2017-21/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2017-22/
Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2017-23/
Third Party Advisory http://www.securityfocus.com/bid/101053
Third Party Advisory http://www.securitytracker.com/id/1039465
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2831
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:2885
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
Mailing List https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
Third Party Advisory https://security.gentoo.org/glsa/201803-14
Third Party Advisory https://www.debian.org/security/2017/dsa-3987
and 4 more references
62
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 12/34 · Low
Exposure 18/34 · Moderate