CVE-2017-7790

Summary

On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 55affected

Weaknesses

  • Windows crash reporter reads extra memory for some non-null-terminated registry values

ADP Enrichment

CVE Program Container

Additional References

References