CVE-2017-7843
firefox-esr - security update
Severity: 7.5 HIGH (CVSS 3.1); EPSS 0.88%
Description
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
How to fix CVE-2017-7843
To remediate CVE-2017-7843, upgrade the affected package to a fixed version below.
- upgrade to 52.5.2esr-1 or later
- upgrade to 52.5.2esr-1~deb7u1 or later
- upgrade to 52.5.2esr-1~deb8u1 or later
Is CVE-2017-7843 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 52.5.2esr-1
- from 0, < 52.5.2esr-1~deb7u1
- from 0, < 52.5.2esr-1~deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |