[MFSA-2017-27] Security vulnerabilities fixed in Firefox 57.0.1
CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (high)
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting.CVE-2017-7844: Visited history information leak through SVG image (high)
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history.
Note: This issue only affects Firefox 57. Earlier releases are not affected.
| Package | Affected Version |
|---|---|
 pkg:mozilla/Firefox
|
< 57.0.1 |
| Package | Fixed Version |
|---|---|
|
pkg:mozilla/Firefox
|
= 57.0.1 |
- ID
- MFSA-2017-27
- Severity
- critical
- URL
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-27
- Published
-
2017-11-29T00:00:00
(6 years ago) - Modified
-
2017-11-29T00:00:00
(6 years ago) - Other Advisories
ALPINE:CVE-2017-7843
DSA-4062-1
ELSA-2017-3382
FREEBSD:B7E23050-2D5D-4E61-9B48-62E89DB222CA
GLSA-201802-03
RHSA-2017:3382| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1410106 |
|
|
| Bugzilla | 1420001 |
|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |