Vulnerability & Exploit Database

Back to search

Red Hat: CVE-2017-7843: Important: firefox security update (RHSA-2017:3382)

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) December 04, 2017 December 05, 2017 December 20, 2017

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2017:3382:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.5.1 ESR.

Security Fix(es):

A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

redhat-upgrade-firefox