CVE-2017-7843
N/A
N/A
Summary
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox ESR | unspecified < 52.5.2 | affected |
| Mozilla | Firefox | unspecified < 57.0.1 | affected |
Weaknesses
- Web worker in Private Browsing mode can write IndexedDB data
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2017:3382
- https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html
- https://www.mozilla.org/security/advisories/mfsa2017-28/
- http://www.securitytracker.com/id/1039954
- https://www.mozilla.org/security/advisories/mfsa2017-27/
- https://www.debian.org/security/2017/dsa-4062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
- http://www.securityfocus.com/bid/102039
- http://www.securityfocus.com/bid/102112
References
- https://access.redhat.com/errata/RHSA-2017:3382
- https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html
- https://www.mozilla.org/security/advisories/mfsa2017-28/
- http://www.securitytracker.com/id/1039954
- https://www.mozilla.org/security/advisories/mfsa2017-27/
- https://www.debian.org/security/2017/dsa-4062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
- http://www.securityfocus.com/bid/102039
- http://www.securityfocus.com/bid/102112
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.