Vulnerability CVE-2017-7830: Information
Description
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2017-26/ |
|
https://www.mozilla.org/security/advisories/mfsa2017-25/ |
|
https://www.mozilla.org/security/advisories/mfsa2017-24/ |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1408990 |
|
DSA-4075 |
|
DSA-4061 |
|
DSA-4035 |
|
[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update |
|
[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update |
|
RHSA-2017:3372 |
|
RHSA-2017:3247 |
|
1039803 |
|
101832 |
|