CVE-2017-5378
HIGHThunderbird <45.7, Firefox ESR <45.7, Firefox <51 - Info Disclosure
Title source: llmDescription
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
References (13)
Core 13
Core References
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-03/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-02/
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1312001
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201702-22
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1330769
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-3832
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201702-13
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-3771
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037693
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-01/
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0190.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0238.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95769
Scores
CVSS v3
7.5
EPSS
0.0159
EPSS Percentile
81.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (20)
debian/debian_linux
8.0
mozilla/firefox
< 51.0
mozilla/thunderbird
< 45.7.0
redhat/enterprise_linux
5.0
redhat/enterprise_linux
6.0
redhat/enterprise_linux
7.0
redhat/enterprise_linux_desktop
5.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
5.0
... and 10 more
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026