| Title | Thunderbird および Firefox における入力確認に関する脆弱性 |
|---|---|
| Summary | Thunderbird および Firefox には、入力確認に関する脆弱性が存在します。 |
| Possible impacts | 情報を改ざんされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Aug. 8, 2017, midnight |
| Registration Date | Aug. 20, 2018, 5:47 p.m. |
| Last Update | Aug. 20, 2018, 5:47 p.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| CVSS2.0 : 警告 | |
| Score | 5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| Mozilla Foundation |
| Mozilla Firefox 55 未満 |
| Mozilla Firefox ESR 52.3 未満 |
| Mozilla Thunderbird 52.3 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年08月20日] 掲載 |
Aug. 20, 2018, 5:47 p.m. |
| Summary | The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. |
|---|---|
| Publication Date | June 12, 2018, 6:29 a.m. |
| Registration Date | Jan. 26, 2021, 1:29 p.m. |
| Last Update | Nov. 21, 2024, 12:32 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 55.0 | ||||
| cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* | 52.3.0 | ||||
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 52.3.0 | ||||
| execution environment | |||||
| 1 | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||||