Vulnerability CVE-2017-7798
Published: 2018-06-11

Description:
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.

Type:

CWE-94

 (Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server eus 
Redhat -> Enterprise linux workstation 
Mozilla -> Firefox 
Mozilla -> Firefox esr 
Debian -> Debian linux 

 References:
http://www.securityfocus.com/bid/100198
http://www.securitytracker.com/id/1039124
https://access.redhat.com/errata/RHSA-2017:2456
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1371586%2C1372112
https://www.debian.org/security/2017/dsa-3928
https://www.mozilla.org/security/advisories/mfsa2017-18/
https://www.mozilla.org/security/advisories/mfsa2017-19/
Copyright 2024, cxsecurity.com

 

Back to Top