Vulnerabilities > CVE-2017-7790 - Unspecified vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.
Vulnerable Configurations
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_555B244E6B204546851FD8EB7D6C1FFA.NASL description Mozilla Foundation reports : Please reference CVE/URL list for details last seen 2020-06-01 modified 2020-06-02 plugin id 102278 published 2017-08-09 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102278 title FreeBSD : mozilla -- multiple vulnerabilities (555b244e-6b20-4546-851f-d8eb7d6c1ffa) NASL family Windows NASL id MOZILLA_FIREFOX_55_0.NASL description The version of Mozilla Firefox installed on the remote Windows host is prior to 55. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes. last seen 2020-06-01 modified 2020-06-02 plugin id 102359 published 2017-08-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102359 title Mozilla Firefox < 55 Multiple Vulnerabilities
References
- http://www.securitytracker.com/id/1039124
- http://www.securitytracker.com/id/1039124
- https://bugzilla.mozilla.org/show_bug.cgi?id=1350460
- https://bugzilla.mozilla.org/show_bug.cgi?id=1350460
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://www.mozilla.org/security/advisories/mfsa2017-18/