CVE-2017-7836

Priority
Description
The "pingsender" executable used by the Firefox Health Report dynamically
loads a system copy of libcurl, which an attacker could replace. This
allows for privilege escalation as the replaced libcurl code will run with
Firefox's privileges. Note: This attack requires an attacker have local
system access and only affects OS X and Linux. Windows systems are not
affected. This vulnerability affects Firefox < 57.
Assigned-to
chrisccoulson
Notes
chrisccoulson: The pingsender binary is not installed by our Firefox
package, although this is a bug
Package
Upstream: released (57.0)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 18.04 LTS (Bionic Beaver): not-affected
More Information

Updated: 2020-01-29 19:59:57 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)