VDB

CVE-2017-7836

CVE-2017-7836 PUBLISHED

Reported by mozilla · Published June 11, 2018

The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57.

Affected Products

VendorProductVersions
MozillaFirefoxunspecified
MozillaFirefoxunspecified

Timeline

  • Jun 11, 2018 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 25, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 27, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 5, 2022 EPSS Score
  • Jan 7, 2023 EPSS Score

References

  • x_refsource_CONFIRM
  • 101832 vdb-entryx_refsource_BID
  • 1039803 vdb-entryx_refsource_SECTRACK
  • x_refsource_CONFIRM
Open in Interactive Console →
$ Console Community · 100/wk Open console ›