Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendors Products
Redhat
  • Enterprise Linux
  • Enterprise Linux Server
  • Enterprise Linux Server Eus
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server Aus
Mozilla
  • Firefox Esr
  • Thunderbird
  • Firefox
Debian
  • Debian Linux

Configuration 1 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2017-0459.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0461.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0498.html Third Party Advisory
http://www.securityfocus.com/bid/96693 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037966 Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 Exploit Issue Tracking Vendor Advisory
https://security.gentoo.org/glsa/201705-06 Third Party Advisory
https://security.gentoo.org/glsa/201705-07 Third Party Advisory
https://www.debian.org/security/2017/dsa-3805 Third Party Advisory
https://www.debian.org/security/2017/dsa-3832 Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-05/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-06/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-07/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-09/ Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2018-06-11T21:00:00

Updated: 2018-06-12T09:57:01

Reserved: 2017-01-13T00:00:00

Link: CVE-2017-5407

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-06-11T21:29:04.373

Modified: 2018-07-31T19:03:00.793

Link: CVE-2017-5407

JSON object: View

cve-icon Redhat Information

No data.

CWE