CyberSec.Space Logo
Back to CVE Browser

CVE-2017-7784

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile22.85th
PublishedJun 11, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Affected Platforms (CPE)

πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Redhat

Enterprise Linux

= 5.0
πŸ’»
Redhat

Enterprise Linux

= 6.0
πŸ’»
Redhat

Enterprise Linux

= 7.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 5.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 6.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 7.0
πŸ’»
Redhat

Enterprise Linux Server

= 5.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0
πŸ’»
Redhat

Enterprise Linux Server

= 7.0
πŸ’»
Redhat

Enterprise Linux Server Aus

= 7.3
πŸ’»
Redhat

Enterprise Linux Server Aus

= 7.4
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.3
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.4
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.5
πŸ’»
Redhat

Enterprise Linux Workstation

= 5.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 6.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 7.0
πŸ“¦
Mozilla

Thunderbird

< 52.3.0
πŸ“¦
Mozilla

Firefox

< 55.0
πŸ“¦
Mozilla

Firefox Esr

< 52.3

References & Advisories

πŸ”— http://www.securityfocus.com/bid/100202
πŸ”— http://www.securitytracker.com/id/1039124
πŸ”— https://access.redhat.com/errata/RHSA-2017:2456
πŸ”— https://access.redhat.com/errata/RHSA-2017:2534
πŸ”— https://bugzilla.mozilla.org/show_bug.cgi?id=1376087
πŸ”— https://security.gentoo.org/glsa/201803-14
πŸ”— https://www.debian.org/security/2017/dsa-3928
πŸ”— https://www.debian.org/security/2017/dsa-3968

Related Vulnerabilities

CVE-1999-069810.0

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

CVE-2026-234628.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following t...

CVE-2006-70948.5

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bi...

CVE-2026-231717.8

In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave a...