Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.

Published

2018-06-11T21:29:11.920

Last Modified

2024-11-21T03:32:46.900

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Application	mozilla	firefox	< 57.0.1	Yes
Application	mozilla	firefox_esr	< 52.5.2	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_eus	7.4	Yes
Operating System	redhat	enterprise_linux_server_eus	7.5	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes

References

http://www.securityfocus.com/bid/102039 Issue Tracking, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/102112 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039954 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2017:3382 Third Party Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=1410106 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html Third Party Advisory ([email protected])
https://www.debian.org/security/2017/dsa-4062 Third Party Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2017-27/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2017-28/ Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/102039 Issue Tracking, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/102112 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039954 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3382 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1410106 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2017/dsa-4062 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2017-27/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2017-28/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)