The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57.
Metrics
Affected Vendors & Products
References
History
No history.
![cve-icon](/static/img/cve-icon.png)
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2024-08-05T16:19:28.357Z
Reserved: 2017-04-12T00:00:00
Link: CVE-2017-7836
![cve-icon](/static/img/cisa-icon.png)
No data.
![cve-icon](/static/img/nvd-icon.png)
Status : Modified
Published: 2018-06-11T21:29:11.657
Modified: 2024-11-21T03:32:46.167
Link: CVE-2017-7836
![cve-icon](/static/img/redhat-icon.png)
No data.