[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-7787Date: (C)2018-06-14   (M)2018-09-17


Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
BID-100234
SECTRACK-1039124
DSA-3928
DSA-3968
GLSA-201803-14
RHSA-2017:2456
RHSA-2017:2534
https://bugzilla.mozilla.org/show_bug.cgi?id=1322896
https://www.mozilla.org/security/advisories/mfsa2017-18/
https://www.mozilla.org/security/advisories/mfsa2017-19/
https://www.mozilla.org/security/advisories/mfsa2017-20/

CPE    489
cpe:/a:mozilla:firefox:19.0.1
cpe:/a:mozilla:firefox:19.0.2
cpe:/a:mozilla:firefox:19.0
cpe:/a:mozilla:firefox_esr:31.5.1
...
CWE    1
CWE-200
OVAL    24
oval:org.secpod.oval:def:502181
oval:org.secpod.oval:def:603094
oval:org.secpod.oval:def:204552
oval:org.secpod.oval:def:41704
...

© SecPod Technologies