CVE-2017-7836 log

Source
Severity Medium
Remote No
Type Privilege escalation
Description
The "pingsender" executable used by the Firefox Health Report before 57.0 dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. This attack requires an attacker have local system access.
Group Package Affected Fixed Severity Status Ticket
AVG-494 firefox 56.0.2-1 57.0-1 Critical Fixed
Date Advisory Group Package Severity Description
15 Nov 2017 ASA-201711-23 AVG-494 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836
https://bugzilla.mozilla.org/show_bug.cgi?id=1401339