CVE-2017-7831 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure12 documents5 sources

Severity

5.3MEDIUMNVD

OSV9.8

EPSS

0.3%

top 43.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 14

Description

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/firefox< firefox 57.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 57

▶Ubuntumozilla/firefox< 57.0+build4-0ubuntu0.14.04.4+8

▶NVDmozilla/firefox56.0.2

🔴Vulnerability Details

GHSA

GHSA-vxq2-h625-9q28: A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy ob↗2022-05-14

▶

OSV

firefox regression↗2018-01-03

▶

OSV

firefox regressions↗2017-12-01

▶

OSV

firefox regression↗2017-11-27

▶

OSV

firefox vulnerabilities↗2017-11-16

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2018-01-03

▶

Ubuntu

Firefox regressions↗2017-12-01

▶

Ubuntu

Firefox regression↗2017-11-27

▶

Ubuntu

Firefox vulnerabilities↗2017-11-16

▶

Debian

CVE-2017-7831: firefox - A vulnerability where the security wrapper does not deny access to some exposed ...↗2017

▶