CVE-2017-7787

EPSS 2.4%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

11 Jun 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Affected products

Mozilla · Firefox Mozilla · Firefox ESR Mozilla · Thunderbird

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1322896 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18/https://www.mozilla.org/security/advisories/mfsa2017-19/https://www.mozilla.org/security/advisories/mfsa2017-20/http://www.securityfocus.com/bid/100234 http://www.securitytracker.com/id/1039124