CVE-2017-7787 — Sensitive Information Exposure in Mozilla Firefox
Severity
NVD: 7.5 HIGH
OSV: 9.1
EPSS: 1.0% (top 23.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 11
Latest update: May 14
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 11 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 5.0, 6.0, 7.0, 7.3, 7.4, 7.5
Vulnerability Details (7)
GHSA
GHSA-6g35-2rw4-ch3p: Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top l (2022-05-14)
OSV
CVE-2017-7787: Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top l (2018-06-11)
CVEList
CVE-2017-7787: Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top l (2018-06-11)
Vendor Advisories (6)
Community (1)
Bugzilla
CVE-2017-7787 Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19) (2017-08-08)