### [CVE-2017-7845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7845)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2052.5.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2057.0.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Buffer%20overflow%20when%20drawing%20and%20validating%20elements%20with%20ANGLE%20library%20using%20Direct%203D%209&color=brighgreen)

### Description

A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1402372

#### Github
No PoCs found on GitHub currently.