CVE-2017-7844

Published: Jun 11, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 57.0.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.securityfocus.com/bid/102039

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039954

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1420001

Source: security@mozilla.org

Issue TrackingPermissions RequiredThird Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-27/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/102039

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039954

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1420001

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredThird Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-27/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.