CVE-2017-7843

MEDIUM

Description

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.

References

http://www.securityfocus.com/bid/102039

http://www.securityfocus.com/bid/102112

http://www.securitytracker.com/id/1039954

https://access.redhat.com/errata/RHSA-2017:3382

https://bugzilla.mozilla.org/show_bug.cgi?id=1410106

https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html

https://www.debian.org/security/2017/dsa-4062

https://www.mozilla.org/security/advisories/mfsa2017-27/

https://www.mozilla.org/security/advisories/mfsa2017-28/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-06

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127356 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127141 | NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001) | Nessus | NewStart CGSL Local Security Checks | critical |
| 700333 | Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 700323 | Mozilla Firefox < 57.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 700322 | Mozilla Firefox < 57 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 106884 | GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 105308 | EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1327) | Nessus | Huawei Local Security Checks | medium |
| 105307 | EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1326) | Nessus | Huawei Local Security Checks | medium |
| 105246 | openSUSE Security Update : MozillaFirefox (openSUSE-2017-1366) | Nessus | SuSE Local Security Checks | medium |
| 105212 | Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities | Nessus | Windows | high |
| 105211 | Mozilla Firefox ESR < 52.5.2 Private Mode Fingerprinting Vulnerability (macOS) | Nessus | MacOS X Local Security Checks | medium |
| 105123 | Debian DSA-4062-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | medium |
| 105118 | Debian DLA-1202-1 : firefox-esr security update | Nessus | Debian Local Security Checks | medium |
| 105060 | CentOS 6 / 7 : firefox (CESA-2017:3382) | Nessus | CentOS Local Security Checks | medium |
| 105040 | Mozilla Firefox < 57.0.1 Multiple Vulnerabilities | Nessus | Windows | medium |
| 105039 | Mozilla Firefox < 57.0.1 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | medium |
| 105030 | Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20171205) | Nessus | Scientific Linux Local Security Checks | medium |
| 105027 | Oracle Linux 6 / 7 : firefox (ELSA-2017-3382) | Nessus | Oracle Linux Local Security Checks | medium |
| 105026 | FreeBSD : mozilla -- multiple vulnerabilities (b7e23050-2d5d-4e61-9b48-62e89db222ca) | Nessus | FreeBSD Local Security Checks | medium |
| 105018 | RHEL 6 / 7 : firefox (RHSA-2017:3382) | Nessus | Red Hat Local Security Checks | medium |