CVE-2017-7843

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.40 % (74^th)

Affected Products 8

Advisories 8

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2018-06-11 21:29:11
(6 years ago)
Updated Date: 2018-08-06 16:35:16
(6 years ago)

Affected Products

Debian

Debian Linux

Mozilla

Redhat

Configuration #1

		CPE23	From	Up To
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox prior 57.0.1 version	cpe:2.3:a:mozilla:firefox		< 57.0.1

Configuration #3

		CPE23	From	Up To
	Mozilla Firefox Esr prior 52.5.2 version	cpe:2.3:a:mozilla:firefox_esr		< 52.5.2

Configuration #4

		CPE23	From	Up To
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Server Aus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
	Redhat Enterprise Linux Server Eus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
	Redhat Enterprise Linux Server Eus 7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0