CVE-2017-7787
N/A
N/A
Summary
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Thunderbird | unspecified < 52.3 | affected |
| Mozilla | Firefox ESR | unspecified < 52.3 | affected |
| Mozilla | Firefox | unspecified < 55 | affected |
Weaknesses
- Same-origin policy bypass with iframes through page reloads
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1322896
- https://www.debian.org/security/2017/dsa-3968
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securityfocus.com/bid/100234
- https://access.redhat.com/errata/RHSA-2017:2534
- http://www.securitytracker.com/id/1039124
- https://security.gentoo.org/glsa/201803-14
- https://www.debian.org/security/2017/dsa-3928
References
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1322896
- https://www.debian.org/security/2017/dsa-3968
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://access.redhat.com/errata/RHSA-2017:2456
- http://www.securityfocus.com/bid/100234
- https://access.redhat.com/errata/RHSA-2017:2534
- http://www.securitytracker.com/id/1039124
- https://security.gentoo.org/glsa/201803-14
- https://www.debian.org/security/2017/dsa-3928
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.