CVE-2017-5382
HIGHFirefox < 51.0 - Exposure of Sensitive Information via RSS Feed Preview
Title source: llmDescription
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.
References (4)
Core 4
Core References
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1295322
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037693
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-01/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95763
Scores
CVSS v3
7.5
EPSS
0.0096
EPSS Percentile
76.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
mozilla/firefox
< 51.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026