Oracle Linux: CVE-2017-7843: ELSA-2017-3382 - firefox security update
| 4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | December 04, 2017 | December 04, 2017 | December 05, 2017 |
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
[52.5.1-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one
- Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484]

[52.5.1-1]
- Update to 52.5.1 ESR
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 52.5.1 ESR.
A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843)
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter.
Mozilla Foundation reports:
CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data
CVE-2017-7844: Visited history information leak through SVG image