CVE-2017-7836 - log back

CVE-2017-7836 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Privilege escalation
Description
+ The "pingsender" executable used by the Firefox Health Report before 57.0 dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. This attack requires an attacker have local system access.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1401339
Notes