CVE-2017-7843
HIGHRedhat Enterprise Linux Server < 57.0.1 - Information Disclosure
Title source: ruleDescription
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
References (9)
Core 9
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3382
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-28/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039954
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-27/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-4062
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
Issue Tracking, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102039
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102112
Scores
CVSS v3
7.5
EPSS
0.0088
EPSS Percentile
75.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (13)
debian/debian_linux
7.0
debian/debian_linux
8.0
debian/debian_linux
9.0
mozilla/firefox
< 57.0.1
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_server_aus
7.4
redhat/enterprise_linux_server_eus
7.4
... and 3 more
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026