Vulnerabilities > CVE-2017-7805 - Use After Free vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

mozilla

debian

CWE-416

nessus

NVD

Published: 2018-06-11

Updated: 2018-10-17

Summary

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 56.0 Mozilla Firefox ESR 52.4.0 Mozilla Thunderbird 52.4.0	3
OS	Debian Debian Debian Linux 7.0 Debian Debian Linux 8.0 Debian Debian Linux 9.0	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	Windows
NASL id	MOZILLA_FIREFOX_56_0.NASL
description	The version of Mozilla Firefox installed on the remote Windows host is prior to 56. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
last seen	2020-06-01
modified	2020-06-02
plugin id	103680
published	2017-10-06
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103680
title	Mozilla Firefox < 56 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(103680); script_version("1.4"); script_cvs_date("Date: 2019/11/12"); script_cve_id( "CVE-2017-7793", "CVE-2017-7805", "CVE-2017-7810", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7813", "CVE-2017-7814", "CVE-2017-7815", "CVE-2017-7816", "CVE-2017-7817", "CVE-2017-7818", "CVE-2017-7819", "CVE-2017-7820", "CVE-2017-7821", "CVE-2017-7822", "CVE-2017-7823", "CVE-2017-7824" ); script_bugtraq_id( 101053, 101054, 101055, 101057 ); script_xref(name:"MFSA", value:"2017-21"); script_name(english:"Mozilla Firefox < 56 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Firefox."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Mozilla Firefox installed on the remote Windows host is prior to 56. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes."); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla Firefox version 56 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7811"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/28"); script_set_attribute(attribute:"patch_publication_date", value:"2017/09/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', fix:'56', severity:SECURITY_HOLE);

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3435-1.NASL
description	Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. (CVE-2017-7816, CVE-2017-7821). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	103646
published	2017-10-03
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103646
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3435-1)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201802-03.NASL
description	The remote host is affected by the vulnerability described in GLSA-201802-03 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	106884
published	2018-02-20
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106884
title	GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3435-2.NASL
description	USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. (CVE-2017-7816, CVE-2017-7821). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	103667
published	2017-10-05
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103667
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3435-2)

NASL family	Virtuozzo Local Security Checks
NASL id	VIRTUOZZO_VZLSA-2017-2832.NASL
description	An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	119229
published	2018-11-27
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119229
title	Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2017-2832)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2017-1246.NASL
description	According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2017-10-19
plugin id	103937
published	2017-10-19
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103937
title	EulerOS 2.0 SP1 : nss (EulerOS-SA-2017-1246)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2017-2832.NASL
description	An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.
last seen	2020-06-01
modified	2020-06-02
plugin id	103574
published	2017-10-02
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103574
title	CentOS 6 / 7 : nss (CESA-2017:2832)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1118.NASL
description	Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware protection feature. For Debian 7
last seen	2020-03-17
modified	2017-10-02
plugin id	103576
published	2017-10-02
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103576
title	Debian DLA-1118-1 : firefox-esr security update

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20170929_NSS_ON_SL6_X.NASL
description	Security Fix(es) : - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)
last seen	2020-03-18
modified	2017-10-02
plugin id	103595
published	2017-10-02
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103595
title	Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64 (20170929)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-2872-2.NASL
description	This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) - MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes - MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode - MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation - MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API - MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE - MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 - MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin - MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix : - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	104542
published	2017-11-14
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/104542
title	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-2)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3436-1.NASL
description	Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	103808
published	2017-10-12
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103808
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : thunderbird vulnerabilities (USN-3436-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2017-2832.NASL
description	An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.
last seen	2020-06-01
modified	2020-06-02
plugin id	103562
published	2017-09-29
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103562
title	RHEL 6 / 7 : nss (RHSA-2017:2832)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FIREFOX_56_0.NASL
description	The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 56. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable application crashes.
last seen	2020-06-01
modified	2020-06-02
plugin id	103678
published	2017-10-06
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103678
title	Mozilla Firefox < 56 Multiple Vulnerabilities (macOS)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_1098A15BB0F642B7B5C78A8646E8BE07.NASL
description	Mozilla Foundation reports : CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7813: Integer truncation in the JavaScript parser CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations CVE-2017-7816: WebExtensions can load about: URLs in extension UI CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV CVE-2017-7820: Xray wrapper bypass with new tab and web console CVE-2017-7811: Memory safety bugs fixed in Firefox 56 CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
last seen	2020-06-01
modified	2020-06-02
plugin id	103556
published	2017-09-29
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103556
title	FreeBSD : mozilla -- multiple vulnerabilities (1098a15b-b0f6-42b7-b5c7-8a8646e8be07)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2017-1247.NASL
description	According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2017-10-19
plugin id	103938
published	2017-10-19
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103938
title	EulerOS 2.0 SP2 : nss (EulerOS-SA-2017-1247)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_119214-37.NASL
description	NSS_NSPR_JSS 3.34_x86: NSPR 4.17 / NSS 3.3. Date this patch was last updated by Sun : May/16/18
last seen	2020-06-01
modified	2020-06-02
plugin id	109912
published	2018-05-18
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109912
title	Solaris 10 (x86) : 119214-37

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0112_NSS.NASL
description	The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by a vulnerability: - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127350
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127350
title	NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0112)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-1144.NASL
description	Mozilla Thunderbird was updated to 52.4.0 (boo#1060445) - new behavior was introduced for replies to mailing list posts:
last seen	2020-06-05
modified	2017-10-12
plugin id	103798
published	2017-10-12
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103798
title	openSUSE Security Update : MozillaThunderbird (openSUSE-2017-1144)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FIREFOX_52_4_ESR.NASL
description	The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
last seen	2020-06-01
modified	2020-06-02
plugin id	103677
published	2017-10-06
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103677
title	Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities (macOS)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4014.NASL
description	Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
last seen	2020-06-01
modified	2020-06-02
plugin id	104340
published	2017-11-02
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/104340
title	Debian DSA-4014-1 : thunderbird - security update

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-2872-1.NASL
description	This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) - MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes - MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode - MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation - MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API - MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE - MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 - MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin - MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix : - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	104254
published	2017-10-30
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/104254
title	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-1)

NASL family	Windows
NASL id	MOZILLA_FIREFOX_52_4_ESR.NASL
description	The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
last seen	2020-06-01
modified	2020-06-02
plugin id	103679
published	2017-10-06
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103679
title	Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_E71FD9D3AF4711E7A633009C02A2AB30.NASL
description	Mozilla reports : During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	103828
published	2017-10-13
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103828
title	FreeBSD : nss -- Use-after-free in TLS 1.2 generating handshake hashes (e71fd9d3-af47-11e7-a633-009c02a2ab30)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1138.NASL
description	Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, resulting in a denial of service, or potentially to execute arbitrary code. For Debian 7
last seen	2020-03-17
modified	2017-10-20
plugin id	103988
published	2017-10-20
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103988
title	Debian DLA-1138-1 : nss security update

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3431-1.NASL
description	Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	103642
published	2017-10-03
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103642
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : nss vulnerability (USN-3431-1)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201803-14.NASL
description	The remote host is affected by the vulnerability described in GLSA-201803-14 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact : A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, conduct URL hijacking, or conduct cross-site scripting (XSS). Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	108820
published	2018-04-04
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108820
title	GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3998.NASL
description	Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, resulting in a denial of service, or potentially to execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	103794
published	2017-10-12
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103794
title	Debian DSA-3998-1 : nss - security update

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2017-2832.NASL
description	From Red Hat Security Advisory 2017:2832 : An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.
last seen	2020-06-01
modified	2020-06-02
plugin id	103559
published	2017-09-29
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103559
title	Oracle Linux 6 / 7 : nss (ELSA-2017-2832)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_119213-37.NASL
description	NSS_NSPR_JSS 3.34: NSPR 4.17 / NSS 3.34 /. Date this patch was last updated by Sun : May/16/18
last seen	2020-06-01
modified	2020-06-02
plugin id	109911
published	2018-05-18
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109911
title	Solaris 10 (sparc) : 119213-37

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1397.NASL
description	According to the versions of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124900
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124900
title	EulerOS Virtualization for ARM 64 3.0.1.0 : nss (EulerOS-SA-2019-1397)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2017-2688-1.NASL
description	This update for MozillaFirefox to ESR 52.4, mozilla-nss fixes the following issues: This security issue was fixed for mozilla-nss : - CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating handshake hashes (bsc#1061005) These security issues were fixed for Firefox - CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters rendering (bsc#1060445). - CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake hashes (bsc#1060445). - CVE-2017-7819: Prevent Use-after-free while resizing images in design mode (bsc#1060445). - CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation (bsc#1060445). - CVE-2017-7793: Prevent Use-after-free with Fetch API (bsc#1060445). - CVE-2017-7824: Prevent Buffer overflow when drawing and validating elements with ANGLE (bsc#1060445). - CVE-2017-7810: Fixed several memory safety bugs (bsc#1060445). - CVE-2017-7823: CSP sandbox directive did not create a unique origin (bsc#1060445). - CVE-2017-7814: Blob and data URLs bypassed phishing and malware protection warnings (bsc#1060445). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	103768
published	2017-10-11
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103768
title	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2688-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-1114.NASL
description	This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed : - CVE-2017-7793: Use-after-free with Fetch API - CVE-2017-7818: Use-after-free during ARIA array manipulation - CVE-2017-7819: Use-after-free while resizing images in design mode - CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE - CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings - CVE-2017-7823: CSP sandbox directive did not create a unique origin - CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 The following security issue was fixed in Mozilla NSS 3.28.6 : - CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005) The following bug was fixed : - boo#1029917: language accept header use incorrect locale For compatibility reasons, java-1_8_0-openjdk was rebuilt to the updated version of NSS.
last seen	2020-06-05
modified	2017-10-03
plugin id	103621
published	2017-10-03
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103621
title	openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3987.NASL
description	Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware protection feature.
last seen	2020-06-01
modified	2020-06-02
plugin id	103579
published	2017-10-02
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103579
title	Debian DSA-3987-1 : firefox-esr - security update

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1153.NASL
description	Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to crashes or the execution of arbitrary code. With this update the source package name changes from icedove to thunderbird so icedove will not be mentioned anymore in future advisories. For Debian 7
last seen	2020-03-17
modified	2017-11-02
plugin id	104335
published	2017-11-02
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/104335
title	Debian DLA-1153-1 : icedove/thunderbird security update

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-911.NASL
description	Potential use-after-free in TLS 1.2 server when verifying client authentication : A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)
last seen	2020-06-01
modified	2020-06-02
plugin id	103824
published	2017-10-13
reporter	This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/103824
title	Amazon Linux AMI : nss (ALAS-2017-911)

Redhat

advisories

bugzilla

id	1471171
title	CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying client authentication

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment nss-pkcs11-devel is earlier than 0:3.28.4-4.el6_9
oval oval:com.redhat.rhsa:tst:20172832001
comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364006

AND
comment nss-tools is earlier than 0:3.28.4-4.el6_9
oval oval:com.redhat.rhsa:tst:20172832003
comment nss-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364012
AND
comment nss-devel is earlier than 0:3.28.4-4.el6_9
oval oval:com.redhat.rhsa:tst:20172832005
comment nss-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364014
AND
comment nss is earlier than 0:3.28.4-4.el6_9
oval oval:com.redhat.rhsa:tst:20172832007
comment nss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364010
AND
comment nss-sysinit is earlier than 0:3.28.4-4.el6_9
oval oval:com.redhat.rhsa:tst:20172832009
comment nss-sysinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364008

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment nss-devel is earlier than 0:3.28.4-12.el7_4
oval oval:com.redhat.rhsa:tst:20172832012
comment nss-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364014

AND

comment nss-pkcs11-devel is earlier than 0:3.28.4-12.el7_4
oval oval:com.redhat.rhsa:tst:20172832013
comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364006

AND
comment nss-sysinit is earlier than 0:3.28.4-12.el7_4
oval oval:com.redhat.rhsa:tst:20172832014
comment nss-sysinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364008
AND
comment nss-tools is earlier than 0:3.28.4-12.el7_4
oval oval:com.redhat.rhsa:tst:20172832015
comment nss-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364012
AND
comment nss is earlier than 0:3.28.4-12.el7_4
oval oval:com.redhat.rhsa:tst:20172832016
comment nss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364010

rhsa

id	RHSA-2017:2832
released	2017-09-28
severity	Important
title	RHSA-2017:2832: nss security update (Important)

rpms

nss-0:3.28.4-12.el7_4
nss-0:3.28.4-4.el6_9
nss-debuginfo-0:3.28.4-12.el7_4
nss-debuginfo-0:3.28.4-4.el6_9
nss-devel-0:3.28.4-12.el7_4
nss-devel-0:3.28.4-4.el6_9
nss-pkcs11-devel-0:3.28.4-12.el7_4
nss-pkcs11-devel-0:3.28.4-4.el6_9
nss-sysinit-0:3.28.4-12.el7_4
nss-sysinit-0:3.28.4-4.el6_9
nss-tools-0:3.28.4-12.el7_4
nss-tools-0:3.28.4-4.el6_9

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References