The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Firefox, Thunderbird: buffer overflow via ANGLE Library Using Direct 3D 9

Synthesis of the vulnerability 

An attacker can generate a buffer overflow via ANGLE Library Using Direct 3D 9 of Firefox/Thunderbird, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Firefox, SeaMonkey, Thunderbird, Slackware.
Severity of this bulletin: 4/4.
Creation date: 08/12/2017.
Références of this threat: CERTFR-2017-AVI-455, CVE-2017-7845, FEDORA-2018-16a76da6cc, FEDORA-2018-3ec87df5ba, FEDORA-2018-4e65ec8cc4, FEDORA-2018-e1539d9bc6, FEDORA-2019-7f7489dc8c, MFSA-2017-28, MFSA-2017-29, MFSA-2017-30, SSA:2019-247-01, VIGILANCE-VUL-24705.

Description of the vulnerability 

An attacker can generate a buffer overflow via ANGLE Library Using Direct 3D 9 of Firefox/Thunderbird, in order to trigger a denial of service, and possibly to run code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security weakness impacts software or systems such as Fedora, Firefox, SeaMonkey, Thunderbird, Slackware.

Our Vigil@nce team determined that the severity of this threat bulletin is critical.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this threat.

Solutions for this threat 

Firefox: version 57.0.2.
The version 57.0.2 is fixed:
  https://www.mozilla.org/

Firefox: version 52.5.2.
The version 52.5.2 is fixed:
  https://www.mozilla.org/

Thunderbird: version 52.5.2.
The version 52.5.2 is fixed:
  https://www.mozilla.org/

Fedora 30: new seamonkey packages.
New packages are available:
  Fedora 30: seamonkey 2.49.5-1.fc30

Fedora: new icecat packages.
New packages are available:
  Fedora 26: icecat 52.5.3-2.fc26
  Fedora 27: icecat 52.5.3-2.fc27

Fedora: new thunderbird packages.
New packages are available:
  Fedora 26: thunderbird 52.5.2-1.fc26
  Fedora 27: thunderbird 52.5.2-1.fc27

SeaMonkey: version 2.49.5.
The version 2.49.5 is fixed:
  http://www.seamonkey-project.org/

Slackware: new seamonkey packages.
New packages are available:
  Slackware 14.2: seamonkey 2.49.5-*-1_slack14.2
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides cybersecurity patches. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.