CVE-2017-7830

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

References

http://www.securityfocus.com/bid/101832

http://www.securitytracker.com/id/1039803

https://access.redhat.com/errata/RHSA-2017:3247

https://access.redhat.com/errata/RHSA-2017:3372

https://bugzilla.mozilla.org/show_bug.cgi?id=1408990

https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html

https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html

https://www.debian.org/security/2017/dsa-4035

https://www.debian.org/security/2017/dsa-4061

https://www.debian.org/security/2017/dsa-4075

https://www.mozilla.org/security/advisories/mfsa2017-24/

https://www.mozilla.org/security/advisories/mfsa2017-25/

https://www.mozilla.org/security/advisories/mfsa2017-26/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (39 total)

IDNameProductFamilySeverity
127363NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0119)NessusNewStart CGSL Local Security Checks
critical
127356NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116)NessusNewStart CGSL Local Security Checks
critical
127151NewStart CGSL MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0006)NessusNewStart CGSL Local Security Checks
critical
127141NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001)NessusNewStart CGSL Local Security Checks
critical
700332Mozilla Firefox ESR < 52.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
700322Mozilla Firefox < 57 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
108820GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
106296macOS 10.13.x < 10.13.3 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
105542Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regression (USN-3477-4)NessusUbuntu Local Security Checks
critical
105497Debian DSA-4075-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
105122Debian DSA-4061-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
105115Debian DLA-1199-1 : thunderbird security updateNessusDebian Local Security Checks
critical
105096SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:3233-1)NessusSuSE Local Security Checks
critical
105058CentOS 6 / 7 : thunderbird (CESA-2017:3372)NessusCentOS Local Security Checks
critical
105044Mozilla Thunderbird < 52.5 Multiple VulnerabilitiesNessusWindows
critical
105043Mozilla Thunderbird < 52.5 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
105034SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:3213-1)NessusSuSE Local Security Checks
critical
105019Scientific Linux Security Update : thunderbird on SL6.x, SL7.x i386/x86_64 (20171204)NessusScientific Linux Local Security Checks
critical
105015Oracle Linux 6 / 7 : thunderbird (ELSA-2017-3372)NessusOracle Linux Local Security Checks
critical
104995Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : thunderbird vulnerabilities (USN-3490-1)NessusUbuntu Local Security Checks
critical
104994Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regressions (USN-3477-3)NessusUbuntu Local Security Checks
critical
104988RHEL 6 / 7 : thunderbird (RHSA-2017:3372)NessusRed Hat Local Security Checks
critical
104918EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1300)NessusHuawei Local Security Checks
critical
104917EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1299)NessusHuawei Local Security Checks
critical
104807Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regression (USN-3477-2)NessusUbuntu Local Security Checks
critical
104798openSUSE Security Update : Mozilla Thunderbird (openSUSE-2017-1311)NessusSuSE Local Security Checks
critical
104701Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20171117)NessusScientific Linux Local Security Checks
critical
104700RHEL 6 / 7 : firefox (RHSA-2017:3247)NessusRed Hat Local Security Checks
critical
104698Oracle Linux 6 / 7 : firefox (ELSA-2017-3247)NessusOracle Linux Local Security Checks
critical
104675CentOS 6 / 7 : firefox (CESA-2017:3247)NessusCentOS Local Security Checks
critical
104652Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox vulnerabilities (USN-3477-1)NessusUbuntu Local Security Checks
critical
104648openSUSE Security Update : MozillaFirefox (openSUSE-2017-1279)NessusSuSE Local Security Checks
critical
104638Mozilla Firefox < 57 Multiple VulnerabilitiesNessusWindows
critical
104637Mozilla Firefox ESR < 52.5 Multiple VulnerabilitiesNessusWindows
critical
104636Mozilla Firefox < 57 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
104635Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
104587Debian DSA-4035-1 : firefox-esr - security updateNessusDebian Local Security Checks
critical
104585Debian DLA-1172-1 : firefox-esr security updateNessusDebian Local Security Checks
critical
104564FreeBSD : mozilla -- multiple vulnerabilities (f78eac48-c3d1-4666-8de5-63ceea25a578)NessusFreeBSD Local Security Checks
critical