CVE-2017-5378

high

Description

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

Advisories
More

https://www.debian.org/security/2017/dsa-3832

https://www.debian.org/security/2017/dsa-3771

https://security.gentoo.org/glsa/201702-22

https://security.gentoo.org/glsa/201702-13

http://www.securitytracker.com/id/1037693

http://www.securityfocus.com/bid/95769

http://rhn.redhat.com/errata/RHSA-2017-0238.html

http://rhn.redhat.com/errata/RHSA-2017-0190.html

https://www.mozilla.org/security/advisories/mfsa2017-03/

https://www.mozilla.org/security/advisories/mfsa2017-02/

https://www.mozilla.org/security/advisories/mfsa2017-01/

https://bugzilla.mozilla.org/show_bug.cgi?id=1330769

https://bugzilla.mozilla.org/show_bug.cgi?id=1312001

Details

Source: Mitre, NVD

Published: 2018-06-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01737