CVE-2017-7836 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Privilege escalation |
| Description | The "pingsender" executable used by the Firefox Health Report before 57.0 dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. This attack requires an attacker have local system access. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-494 | firefox | 56.0.2-1 | 57.0-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 15 Nov 2017 | ASA-201711-23 | AVG-494 | firefox | Critical | multiple issues |
| References |
|---|
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836 https://bugzilla.mozilla.org/show_bug.cgi?id=1401339 |