Description
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Thunderbird | affected |
|
||||||
| Mozilla | Firefox ESR | affected |
|
||||||
| Mozilla | Firefox | affected |
|
Configuration 1 [-]
| AND |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2017-16820 | A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. |
References
History
Tue, 25 Nov 2025 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | ||
| Vendors & Products |
Mozilla firefox Esr
|
MITRE
Status: PUBLISHED
Assigner: mozilla
Published:
Updated: 2024-08-05T16:19:28.566Z
Reserved: 2017-04-12T00:00:00.000Z
Link: CVE-2017-7845
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-06-11T21:29:12.013
Modified: 2025-11-25T17:50:16.803
Link: CVE-2017-7845
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses