The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2024-08-05T16:12:28.400Z
Reserved: 2017-04-12T00:00:00
Link: CVE-2017-7804
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-06-11T21:29:09.983
Modified: 2024-11-21T03:32:41.840
Link: CVE-2017-7804
Redhat
No data.