[MFSA-2017-27] Security vulnerabilities fixed in Firefox 57.0.1
CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (high)
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting.
CVE-2017-7844: Visited history information leak through SVG image (high)
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history.
Note: This issue only affects Firefox 57. Earlier releases are not affected.
Package | Affected Version |
---|---|
pkg:mozilla/Firefox | < 57.0.1 |
Package | Fixed Version |
---|---|
pkg:mozilla/Firefox | = 57.0.1 |
- ID: MFSA-2017-27
- Severity: critical
- URL: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27
- Published: 2017-11-29T00:00:00
- Modified: 2017-11-29T00:00:00

Other Advisories
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 1410106 | | https://bugzilla.mozilla.org/show_bug.cgi?id=1410106 |
Bugzilla | 1420001 | | https://bugzilla.mozilla.org/show_bug.cgi?id=1420001 |