CVE-2017-7824
9.8
CRITICAL
CVSS 3.1
EPSS 12.1%
Description
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
How to fix CVE-2017-7824
To remediate CVE-2017-7824, upgrade the affected package to one of the fixed versions listed below.
- Debian/firefox-esr—upgrade to 52.4.0esr-2 or later
- —upgrade to 1:52.4.0-1 or later
Is CVE-2017-7824 being exploited?
Moderate — EPSS is 12.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 52.4.0esr-2
- from 0, < 1:52.4.0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |