CVE-2017-7845 - Vulnerability Details

Vendors	Products
Microsoft	Windows
Mozilla	Firefox Firefox Esr Thunderbird

Link	Providers
http://www.securityfocus.com/bid/102115
http://www.securitytracker.com/id/1040123
https://bugzilla.mozilla.org/show_bug.cgi?id=1402372
https://www.mozilla.org/security/advisories/mfsa2017-28/
https://www.mozilla.org/security/advisories/mfsa2017-29/
https://www.mozilla.org/security/advisories/mfsa2017-30/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "52.5.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "52.5.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "57.0.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2017-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2."}], "problemTypes": [{"descriptions": [{"description": "Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-12T09:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-28/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-29/"}, {"name": "1040123", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040123"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-30/"}, {"name": "102115", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102115"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402372"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2017-7845", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "52.5.2"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "52.5.2"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "57.0.2"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2017-28/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-28/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2017-29/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-29/"}, {"name": "1040123", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040123"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2017-30/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-30/"}, {"name": "102115", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102115"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402372", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402372"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:28.566Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-28/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-29/"}, {"name": "1040123", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040123"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-30/"}, {"name": "102115", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102115"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402372"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2017-7845", "datePublished": "2018-06-11T21:00:00", "dateReserved": "2017-04-12T00:00:00", "dateUpdated": "2024-08-05T16:19:28.566Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Thunderbird (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 52.5.2 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

product : Firefox ESR (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 52.5.2 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

2 : { »

product : Firefox (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 57.0.2 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

datePublic : 2017-12-07T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-06-12T09:57:01 (string)

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-28/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-29/ (string)

}

2 : { »

name : 1040123 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1040123 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-30/ (string)

}

4 : { »

name : 102115 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/102115 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1402372 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@mozilla.org (string)

ID : CVE-2017-7845 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Thunderbird (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 52.5.2 (string)

}

]

}

1 : { »

product_name : Firefox ESR (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 52.5.2 (string)

}

]

}

2 : { »

product_name : Firefox (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 57.0.2 (string)

}

]

}

]

}

vendor_name : Mozilla (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.mozilla.org/security/advisories/mfsa2017-28/ (string)

refsource : CONFIRM (string)

url : https://www.mozilla.org/security/advisories/mfsa2017-28/ (string)

}

1 : { »

name : https://www.mozilla.org/security/advisories/mfsa2017-29/ (string)

refsource : CONFIRM (string)

url : https://www.mozilla.org/security/advisories/mfsa2017-29/ (string)

}

2 : { »

name : 1040123 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1040123 (string)

}

3 : { »

name : https://www.mozilla.org/security/advisories/mfsa2017-30/ (string)

refsource : CONFIRM (string)

url : https://www.mozilla.org/security/advisories/mfsa2017-30/ (string)

}

4 : { »

name : 102115 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/102115 (string)

}

5 : { »

name : https://bugzilla.mozilla.org/show_bug.cgi?id=1402372 (string)

refsource : CONFIRM (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1402372 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T16:19:28.566Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-28/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-29/ (string)

}

2 : { »

name : 1040123 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1040123 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-30/ (string)

}

4 : { »

name : 102115 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/102115 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1402372 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

assignerShortName : mozilla (string)

cveId : CVE-2017-7845 (string)

datePublished : 2018-06-11T21:00:00 (string)

dateReserved : 2017-04-12T00:00:00 (string)

dateUpdated : 2024-08-05T16:19:28.566Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8010688-45E8-466D-99D6-B963C6A55A4B", "versionEndExcluding": "57.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "2AD1A6A6-04B0-4689-8BA2-F6D8D5B37E0C", "versionEndExcluding": "52.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAAC1C50-B5AD-4BA6-B6D4-457AAC258BDA", "versionEndExcluding": "52.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2."}, {"lang": "es", "value": "Ocurre un desbordamiento de b\u00fafer cuando se dibujan y validan elementos usando Direct 3D 9 con la librer\u00eda de gr\u00e1ficos ANGLE, utilizado para contenidos WebGL. Esto se debe a que se pasa un valor incorrecto en la librer\u00eda durante las comprobaciones y resulta en un cierre inesperado potencialmente explotable. Nota: este ataque solo afecta a sistemas operativos Windows. Los otros sistemas operativos no se ven afectados. Esta vulnerabilidad afecta a las versiones anteriores a la 52.5.2 de Thunderbird, las versiones anteriores a la 52.5.2 de Firefox ESR y las versiones anteriores a la 57.0.2 de Firefox."}], "id": "CVE-2017-7845", "lastModified": "2024-11-21T03:32:47.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-11T21:29:12.013", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102115"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040123"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402372"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-28/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-29/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-30/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-28/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-29/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-30/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B8010688-45E8-466D-99D6-B963C6A55A4B (string)

versionEndExcluding : 57.0.2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2AD1A6A6-04B0-4689-8BA2-F6D8D5B37E0C (string)

versionEndExcluding : 52.5.2 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DAAC1C50-B5AD-4BA6-B6D4-457AAC258BDA (string)

versionEndExcluding : 52.5.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. (string)

}

1 : { »

lang : es (string)

value : Ocurre un desbordamiento de búfer cuando se dibujan y validan elementos usando Direct 3D 9 con la librería de gráficos ANGLE, utilizado para contenidos WebGL. Esto se debe a que se pasa un valor incorrecto en la librería durante las comprobaciones y resulta en un cierre inesperado potencialmente explotable. Nota: este ataque solo afecta a sistemas operativos Windows. Los otros sistemas operativos no se ven afectados. Esta vulnerabilidad afecta a las versiones anteriores a la 52.5.2 de Thunderbird, las versiones anteriores a la 52.5.2 de Firefox ESR y las versiones anteriores a la 57.0.2 de Firefox. (string)

}

]

id : CVE-2017-7845 (string)

lastModified : 2024-11-21T03:32:47.153 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9.3 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-06-11T21:29:12.013 (string)

references : [ »

0 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/102115 (string)

}

1 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1040123 (string)

}

2 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Permissions Required (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1402372 (string)

}

3 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-28/ (string)

}

4 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-29/ (string)

}

5 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-30/ (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/102115 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1040123 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Permissions Required (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1402372 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-28/ (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-29/ (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-30/ (string)

}

]

sourceIdentifier : security@mozilla.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object