CVE-2017-7779

Name	CVE-2017-7779
Description	Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1053-1, DLA-1087-1, DSA-3928-1, DSA-3968-1
Debian Bugs	872834

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
firefox (PTS)	sid	132.0.2-1	fixed
firefox-esr (PTS)	jessie, jessie (lts)	68.9.0esr-1~deb8u2	fixed
	stretch (security), stretch (lts), stretch	91.11.0esr-1~deb9u1	fixed
	buster (security), buster, buster (lts)	115.12.0esr-1~deb10u1	fixed
	bullseye	115.14.0esr-1~deb11u1	fixed
	bullseye (security)	128.4.0esr-1~deb11u1	fixed
	bookworm	128.3.1esr-1~deb12u1	fixed
	bookworm (security)	128.4.0esr-1~deb12u1	fixed
	sid, trixie	128.4.0esr-1	fixed
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
firefox	source	(unstable)	55.0-1
firefox-esr	source	wheezy	52.3.0esr-1~deb7u1		DLA-1053-1
firefox-esr	source	jessie	52.3.0esr-1~deb8u2		DSA-3928-1
firefox-esr	source	stretch	52.3.0esr-1~deb9u1		DSA-3928-1
firefox-esr	source	(unstable)	52.3.0esr-1
icedove	source	wheezy	1:52.3.0-4~deb7u1		DLA-1087-1
icedove	source	jessie	1:52.3.0-4~deb8u2		DSA-3968-1
icedove	source	stretch	1:52.3.0-4~deb9u1		DSA-3968-1
icedove	source	(unstable)	1:52.3.0-1			872834