ID CVE-2017-7805
Summary During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
References
Vulnerable Configurations
  • Mozilla Firefox 56.0
    cpe:2.3:a:mozilla:firefox:56.0
  • cpe:2.3:a:mozilla:firefox_esr:52.4.0
    cpe:2.3:a:mozilla:firefox_esr:52.4.0
  • Mozilla Thunderbird 52.4.0
    cpe:2.3:a:mozilla:thunderbird:52.4.0
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201802-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201802-03 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-02
    plugin id 106884
    published 2018-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106884
    title GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3435-2.NASL
    description USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. (CVE-2017-7816, CVE-2017-7821). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 103667
    published 2017-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103667
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3435-2)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119213-37.NASL
    description NSS_NSPR_JSS 3.34: NSPR 4.17 / NSS 3.34 /. Date this patch was last updated by Sun : May/16/18
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 109911
    published 2018-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109911
    title Solaris 10 (sparc) : 119213-37
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119214-37.NASL
    description NSS_NSPR_JSS 3.34_x86: NSPR 4.17 / NSS 3.3. Date this patch was last updated by Sun : May/16/18
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 109912
    published 2018-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109912
    title Solaris 10 (x86) : 119214-37
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201803-14.NASL
    description The remote host is affected by the vulnerability described in GLSA-201803-14 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact : A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, conduct URL hijacking, or conduct cross-site scripting (XSS). Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-09-04
    plugin id 108820
    published 2018-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108820
    title GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1098A15BB0F642B7B5C78A8646E8BE07.NASL
    description Mozilla Foundation reports : CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7813: Integer truncation in the JavaScript parser CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations CVE-2017-7816: WebExtensions can load about: URLs in extension UI CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV CVE-2017-7820: Xray wrapper bypass with new tab and web console CVE-2017-7811: Memory safety bugs fixed in Firefox 56 CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 103556
    published 2017-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103556
    title FreeBSD : mozilla -- multiple vulnerabilities (1098a15b-b0f6-42b7-b5c7-8a8646e8be07)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3987.NASL
    description Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware protection feature.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 103579
    published 2017-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103579
    title Debian DSA-3987-1 : firefox-esr - security update
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-2832.NASL
    description An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 119229
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119229
    title Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2017-2832)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-911.NASL
    description Potential use-after-free in TLS 1.2 server when verifying client authentication : A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)
    last seen 2019-01-16
    modified 2018-08-31
    plugin id 103824
    published 2017-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103824
    title Amazon Linux AMI : nss (ALAS-2017-911)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_56_0.NASL
    description The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 56. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable application crashes.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 103678
    published 2017-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103678
    title Mozilla Firefox < 56 Multiple Vulnerabilities (macOS)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2872-1.NASL
    description This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) - MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes - MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode - MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation - MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API - MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE - MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 - MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin - MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix : - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-30
    plugin id 104254
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104254
    title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-1)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_52_4_ESR.NASL
    description The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 103679
    published 2017-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103679
    title Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2688-1.NASL
    description This update for MozillaFirefox to ESR 52.4, mozilla-nss fixes the following issues: This security issue was fixed for mozilla-nss : - CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating handshake hashes (bsc#1061005) These security issues were fixed for Firefox - CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters rendering (bsc#1060445). - CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake hashes (bsc#1060445). - CVE-2017-7819: Prevent Use-after-free while resizing images in design mode (bsc#1060445). - CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation (bsc#1060445). - CVE-2017-7793: Prevent Use-after-free with Fetch API (bsc#1060445). - CVE-2017-7824: Prevent Buffer overflow when drawing and validating elements with ANGLE (bsc#1060445). - CVE-2017-7810: Fixed several memory safety bugs (bsc#1060445). - CVE-2017-7823: CSP sandbox directive did not create a unique origin (bsc#1060445). - CVE-2017-7814: Blob and data URLs bypassed phishing and malware protection warnings (bsc#1060445). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-30
    plugin id 103768
    published 2017-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103768
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2688-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E71FD9D3AF4711E7A633009C02A2AB30.NASL
    description Mozilla reports : During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 103828
    published 2017-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103828
    title FreeBSD : nss -- Use-after-free in TLS 1.2 generating handshake hashes (e71fd9d3-af47-11e7-a633-009c02a2ab30)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4014.NASL
    description Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 104340
    published 2017-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104340
    title Debian DSA-4014-1 : thunderbird - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1114.NASL
    description This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed : - CVE-2017-7793: Use-after-free with Fetch API - CVE-2017-7818: Use-after-free during ARIA array manipulation - CVE-2017-7819: Use-after-free while resizing images in design mode - CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE - CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings - CVE-2017-7823: CSP sandbox directive did not create a unique origin - CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 The following security issue was fixed in Mozilla NSS 3.28.6 : - CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005) The following bug was fixed : - boo#1029917: language accept header use incorrect locale For compatibility reasons, java-1_8_0-openjdk was rebuilt to the updated version of NSS.
    last seen 2019-01-16
    modified 2018-09-04
    plugin id 103621
    published 2017-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103621
    title openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2832.NASL
    description An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 103574
    published 2017-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103574
    title CentOS 6 / 7 : nss (CESA-2017:2832)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1153.NASL
    description Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, buffer overflows and other implementation errors may lead to crashes or the execution of arbitrary code. With this update the source package name changes from icedove to thunderbird so icedove will not be mentioned anymore in future advisories. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.4.0-1~deb7u1. We recommend that you upgrade your thunderbird packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-08-31
    plugin id 104335
    published 2017-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104335
    title Debian DLA-1153-1 : icedove/thunderbird security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1138.NASL
    description Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, resulting in a denial of service, or potentially to execute arbitrary code. For Debian 7 'Wheezy', these problems have been fixed in version 2:3.26-1+debu7u5. We recommend that you upgrade your nss packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-08-31
    plugin id 103988
    published 2017-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103988
    title Debian DLA-1138-1 : nss security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1246.NASL
    description According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-14
    plugin id 103937
    published 2017-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103937
    title EulerOS 2.0 SP1 : nss (EulerOS-SA-2017-1246)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3998.NASL
    description Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, resulting in a denial of service, or potentially to execute arbitrary code.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 103794
    published 2017-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103794
    title Debian DSA-3998-1 : nss - security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1247.NASL
    description According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-14
    plugin id 103938
    published 2017-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103938
    title EulerOS 2.0 SP2 : nss (EulerOS-SA-2017-1247)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2832.NASL
    description From Red Hat Security Advisory 2017:2832 : An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.
    last seen 2019-01-16
    modified 2018-09-05
    plugin id 103559
    published 2017-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103559
    title Oracle Linux 6 / 7 : nss (ELSA-2017-2832)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_56_0.NASL
    description The version of Mozilla Firefox installed on the remote Windows host is prior to 56. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 103680
    published 2017-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103680
    title Mozilla Firefox < 56 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3435-1.NASL
    description Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, bypass phishing and malware protection, spoof the origin in modal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805) Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to download and open non-executable files without interaction, or obtain elevated privileges. (CVE-2017-7816, CVE-2017-7821). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 103646
    published 2017-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103646
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox vulnerabilities (USN-3435-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2872-2.NASL
    description This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 (bsc#1060445) - MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes - MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in design mode - MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation - MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API - MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE - MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 - MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a unique origin - MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings Mozilla Network Security Services (Mozilla NSS) received a security fix : - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005, bsc#1060445) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-30
    plugin id 104542
    published 2017-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104542
    title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-2)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1144.NASL
    description Mozilla Thunderbird was updated to 52.4.0 (boo#1060445) - new behavior was introduced for replies to mailing list posts: 'When replying to a mailing list, reply will be sent to address in From header ignoring Reply-to header'. A new preference mail.override_list_reply_to allows to restore the previous behavior. - Under certain circumstances (image attachment and non-image attachment), attached images were shown truncated in messages stored in IMAP folders not synchronised for offline use. - IMAP UIDs > 0x7FFFFFFF now handled properly Security fixes from Gecko 52.4esr - CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API - CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array manipulation - CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in design mode - CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and validating elements with ANGLE - CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free in TLS 1.2 generating handshake hashes - CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and malware protection warnings - CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render some Tibetan and Arabic unicode characters as spaces - CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a unique origin - CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 - Add alsa-devel BuildRequires: we care for ALSA support to be built and thus need to ensure we get the dependencies in place. In the past, alsa-devel was pulled in by accident: we buildrequire libgnome-devel. This required esound-devel and that in turn pulled in alsa-devel for us. libgnome is being fixed to no longer require esound-devel.
    last seen 2019-01-16
    modified 2018-09-04
    plugin id 103798
    published 2017-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103798
    title openSUSE Security Update : MozillaThunderbird (openSUSE-2017-1144)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3436-1.NASL
    description Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing-like context, an attacker could potentially exploit these to read uninitialized memory, bypass phishing and malware protection, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-7805). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 103808
    published 2017-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103808
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : thunderbird vulnerabilities (USN-3436-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1118.NASL
    description Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, cross-site scripting or bypass of the phishing and malware protection feature. For Debian 7 'Wheezy', these problems have been fixed in version 52.4.0esr-2~deb7u1. We recommend that you upgrade your firefox-esr packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-08-31
    plugin id 103576
    published 2017-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103576
    title Debian DLA-1118-1 : firefox-esr security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2832.NASL
    description An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 103562
    published 2017-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103562
    title RHEL 6 / 7 : nss (RHSA-2017:2832)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3431-1.NASL
    description Martin Thomson discovered that NSS incorrectly generated handshake hashes. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 103642
    published 2017-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103642
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : nss vulnerability (USN-3431-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170929_NSS_ON_SL6_X.NASL
    description Security Fix(es) : - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)
    last seen 2019-01-16
    modified 2018-12-27
    plugin id 103595
    published 2017-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103595
    title Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_52_4_ESR.NASL
    description The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 103677
    published 2017-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103677
    title Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities (macOS)
redhat via4
advisories
bugzilla
id 1471171
title CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying client authentication
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment nss is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832005
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862006
      • AND
        • comment nss-devel is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832009
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862014
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832007
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862010
      • AND
        • comment nss-sysinit is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832013
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862008
      • AND
        • comment nss-tools is earlier than 0:3.28.4-4.el6_9
          oval oval:com.redhat.rhsa:tst:20172832011
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862012
  • AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment nss is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832022
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862006
      • AND
        • comment nss-devel is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832021
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862014
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832019
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862010
      • AND
        • comment nss-sysinit is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832023
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862008
      • AND
        • comment nss-tools is earlier than 0:3.28.4-12.el7_4
          oval oval:com.redhat.rhsa:tst:20172832020
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862012
rhsa
id RHSA-2017:2832
released 2017-09-28
severity Important
title RHSA-2017:2832: nss security update (Important)
rpms
  • nss-0:3.28.4-4.el6_9
  • nss-devel-0:3.28.4-4.el6_9
  • nss-pkcs11-devel-0:3.28.4-4.el6_9
  • nss-sysinit-0:3.28.4-4.el6_9
  • nss-tools-0:3.28.4-4.el6_9
  • nss-0:3.28.4-12.el7_4
  • nss-devel-0:3.28.4-12.el7_4
  • nss-pkcs11-devel-0:3.28.4-12.el7_4
  • nss-sysinit-0:3.28.4-12.el7_4
  • nss-tools-0:3.28.4-12.el7_4
refmap via4
bid 101059
confirm
debian
  • DSA-3987
  • DSA-3998
  • DSA-4014
gentoo GLSA-201803-14
mlist [debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update
sectrack 1039465
Last major update 11-06-2018 - 17:29
Published 11-06-2018 - 17:29
Last modified 16-10-2018 - 21:30
Back to Top