Vulnerability CVE-2017-5382: Information

Description

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-5382
Published: June 12, 2018
Modified: Aug. 7, 2018
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus51.0.1-alt1127.0-alt1ALT-PU-2017-1138-1177393Fixed
firefoxp1051.0.1-alt1118.0.2-alt0.p10.1ALT-PU-2017-1138-1177393Fixed
firefoxp951.0.1-alt1105.0.1-alt0.c9.1ALT-PU-2017-1138-1177393Fixed
firefoxp851.0.1-alt0.M80P.168.0.1-alt0.M80P.1ALT-PU-2017-1140-1177727Fixed
firefoxc10f151.0.1-alt1112.0.2-alt0.p10.1ALT-PU-2017-1138-1177393Fixed
firefoxc9f251.0.1-alt1105.0.1-alt0.c9.1ALT-PU-2017-1138-1177393Fixed
firefoxc752.5.3-alt0.M70C.160.8.0-alt0.M70C.1ALT-PU-2018-1225-1200642Fixed
firefoxp1151.0.1-alt1126.0.1-alt1ALT-PU-2017-1138-1177393Fixed
firefox-esrsisyphus52.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
firefox-esrp1052.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed
firefox-esrp952.1.1-alt1102.11.0-alt0.c9.1ALT-PU-2017-1578-1182570Fixed
firefox-esrp852.3.0-alt0.M80P.168.4.1-alt0.M80P.1ALT-PU-2017-2230-1188380Fixed
firefox-esrc10f152.1.1-alt1115.9.1-alt0.c10.1ALT-PU-2017-1578-1182570Fixed
firefox-esrc9f252.1.1-alt1102.12.0-alt0.c9.1ALT-PU-2017-1578-1182570Fixed
firefox-esrp1152.1.1-alt1115.11.0-alt1ALT-PU-2017-1578-1182570Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2017-01/
  • Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1295322
  • Issue Tracking
  • Patch
1037693
  • Third Party Advisory
  • VDB Entry
95763
  • Third Party Advisory
  • VDB Entry

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      51.0
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top