CVE-2017-5468 — Improper Initialization in Mozilla Firefox

CWE-665 — Improper Initialization10 documents7 sources

Severity

9.1CRITICALNVD

OSV9.8

EPSS

2.2%

top 15.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 13

Description

An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

▶debiandebian/firefox< firefox 52.0.1-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 53

▶NVDmozilla/firefox< 53.0

▶Ubuntumozilla/firefox< 53.0+build6-0ubuntu0.14.04.1+3

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-mwj6-29r9-vgq2: An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools↗2022-05-13

▶

OSV

firefox regression↗2017-05-11

▶

OSV

firefox vulnerabilities↗2017-04-21

▶

OSV

CVE-2017-5468: An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools↗2017-04-20

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2017-05-11

▶

Ubuntu

Firefox vulnerabilities↗2017-04-21

▶

Red Hat

Mozilla: Incorrect ownership model for Private Browsing information (MFSA 2017-10)↗2017-04-19

▶

Debian

CVE-2017-5468: firefox - An issue with incorrect ownership model of "privateBrowsing" information exposed...↗2017

▶

💬Community

Bugzilla

CVE-2017-5468 Mozilla: Incorrect ownership model for Private Browsing information (MFSA 2017-10)↗2017-04-19

▶