CVE-2017-7842

MEDIUM

Description

If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57.

References

http://www.securityfocus.com/bid/101832

http://www.securitytracker.com/id/1039803

https://bugzilla.mozilla.org/show_bug.cgi?id=1397064

https://www.mozilla.org/security/advisories/mfsa2017-24/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-06-25

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 56.0.2 (inclusive)

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
700322Mozilla Firefox < 57 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
105542Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regression (USN-3477-4)NessusUbuntu Local Security Checks
critical
104994Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regressions (USN-3477-3)NessusUbuntu Local Security Checks
critical
104807Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox regression (USN-3477-2)NessusUbuntu Local Security Checks
critical
104652Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox vulnerabilities (USN-3477-1)NessusUbuntu Local Security Checks
critical
104638Mozilla Firefox < 57 Multiple VulnerabilitiesNessusWindows
critical
104637Mozilla Firefox ESR < 52.5 Multiple VulnerabilitiesNessusWindows
critical
104636Mozilla Firefox < 57 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
104635Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
104564FreeBSD : mozilla -- multiple vulnerabilities (f78eac48-c3d1-4666-8de5-63ceea25a578)NessusFreeBSD Local Security Checks
critical