All the vulnerabilites related to mozilla.org contributors - Mozilla Firefox ESR
jvndb-2017-000171
Vulnerability from jvndb
Published
2017-07-11 13:48
Modified
2018-08-30 18:03
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
Details
Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN https://jvn.jp/en/jp/JVN81676004/index.html
JVN https://jvn.jp/en/ta/JVNTA91240916/
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755
NVD https://nvd.nist.gov/vuln/detail/CVE-2017-7755
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
mozilla.org contributorsMozilla Firefox
mozilla.org contributorsMozilla Firefox ESR
mozilla.org contributorsMozilla Thunderbird
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000171.html",
  "dc:date": "2018-08-30T18:03+09:00",
  "dcterms:issued": "2017-07-11T13:48+09:00",
  "dcterms:modified": "2018-08-30T18:03+09:00",
  "description": "Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000171.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:mozilla:firefox",
      "@product": "Mozilla Firefox",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:firefox_esr",
      "@product": "Mozilla Firefox ESR",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:mozilla:thunderbird",
      "@product": "Mozilla Thunderbird",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000171",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN81676004/index.html",
      "@id": "JVN#81676004",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755",
      "@id": "CVE-2017-7755",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-7755",
      "@id": "CVE-2017-7755",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries"
}