CVE - CVE-2017-7828

CVE-ID
CVE-2017-7828	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:101832 URL:http://www.securityfocus.com/bid/101832 CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1406750 CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=1412252 CONFIRM:https://www.mozilla.org/security/advisories/mfsa2017-24/ CONFIRM:https://www.mozilla.org/security/advisories/mfsa2017-25/ CONFIRM:https://www.mozilla.org/security/advisories/mfsa2017-26/ DEBIAN:DSA-4035 URL:https://www.debian.org/security/2017/dsa-4035 DEBIAN:DSA-4061 URL:https://www.debian.org/security/2017/dsa-4061 DEBIAN:DSA-4075 URL:https://www.debian.org/security/2017/dsa-4075 MLIST:[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update URL:https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html MLIST:[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update URL:https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html REDHAT:RHSA-2017:3247 URL:https://access.redhat.com/errata/RHSA-2017:3247 REDHAT:RHSA-2017:3372 URL:https://access.redhat.com/errata/RHSA-2017:3372 SECTRACK:1039803 URL:http://www.securitytracker.com/id/1039803
Assigning CNA
Mozilla Corporation
Date Record Created
20170412	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20170412)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)