Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2017-0190.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2017-0238.html | Third Party Advisory |
http://www.securityfocus.com/bid/95769 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037693 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1312001 | Exploit Issue Tracking Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1330769 | Issue Tracking Patch Vendor Advisory |
https://security.gentoo.org/glsa/201702-13 | Third Party Advisory |
https://security.gentoo.org/glsa/201702-22 | Third Party Advisory |
https://www.debian.org/security/2017/dsa-3771 | Third Party Advisory |
https://www.debian.org/security/2017/dsa-3832 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-01/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-02/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-03/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-01-13T00:00:00
Link: CVE-2017-5378
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:02.907
Modified: 2018-08-02T19:43:51.157
Link: CVE-2017-5378
JSON object: View
Redhat Information
No data.
CWE