| Name | CVE-2017-7824 |
| Description | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-1118-1, DLA-1153-1, DSA-3987-1, DSA-4014-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| firefox (PTS) | sid | 132.0.2-1 | fixed |
| firefox-esr (PTS) | jessie, jessie (lts) | 68.9.0esr-1~deb8u2 | fixed |
| stretch (security), stretch (lts), stretch | 91.11.0esr-1~deb9u1 | fixed | |
| buster (security), buster, buster (lts) | 115.12.0esr-1~deb10u1 | fixed | |
| bullseye | 115.14.0esr-1~deb11u1 | fixed | |
| bullseye (security) | 128.4.0esr-1~deb11u1 | fixed | |
| bookworm | 128.3.1esr-1~deb12u1 | fixed | |
| bookworm (security) | 128.4.0esr-1~deb12u1 | fixed | |
| sid, trixie | 128.4.0esr-1 | fixed | |
| thunderbird (PTS) | jessie, jessie (lts) | 1:68.9.0-1~deb8u2 | fixed |
| stretch (security), stretch (lts), stretch | 1:91.10.0-1~deb9u1 | fixed | |
| buster (security), buster, buster (lts) | 1:115.12.0-1~deb10u1 | fixed | |
| bullseye | 1:115.12.0-1~deb11u1 | fixed | |
| bullseye (security) | 1:128.4.3esr-1~deb11u1 | fixed | |
| bookworm | 1:115.16.0esr-1~deb12u1 | fixed | |
| bookworm (security) | 1:128.4.3esr-1~deb12u1 | fixed | |
| sid, trixie | 1:128.4.3esr-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| firefox | source | (unstable) | 56.0-1 | |||
| firefox-esr | source | wheezy | 52.4.0esr-2~deb7u1 | DLA-1118-1 | ||
| firefox-esr | source | jessie | 52.4.0esr-1~deb8u1 | DSA-3987-1 | ||
| firefox-esr | source | stretch | 52.4.0esr-1~deb9u1 | DSA-3987-1 | ||
| firefox-esr | source | (unstable) | 52.4.0esr-2 | |||
| thunderbird | source | wheezy | 1:52.4.0-1~deb7u1 | DLA-1153-1 | ||
| thunderbird | source | jessie | 1:52.4.0-1~deb8u1 | DSA-4014-1 | ||
| thunderbird | source | stretch | 1:52.4.0-1~deb9u1 | DSA-4014-1 | ||
| thunderbird | source | (unstable) | 1:52.4.0-1 |
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7824
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824