CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
mozillafirefox
𝑥
< 57.0.1
mozillafirefox_esr
𝑥
< 52.5.2
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
firefox-esr
bullseye
115.14.0esr-1~deb11u1
fixed
bullseye (security)
128.4.0esr-1~deb11u1
fixed
bookworm
115.14.0esr-1~deb12u1
fixed
bookworm (security)
128.4.0esr-1~deb12u1
fixed
trixie
128.3.1esr-2
fixed
sid
128.4.0esr-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
bionic
Fixed 57.0.1+build2-0ubuntu1
released
artful
Fixed 57.0.1+build2-0ubuntu0.17.10.1
released
zesty
Fixed 57.0.1+build2-0ubuntu0.17.04.1
released
xenial
Fixed 57.0.1+build2-0ubuntu0.16.04.1
released
trusty
Fixed 57.0.1+build2-0ubuntu0.14.04.1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102039
http://www.securityfocus.com/bid/102112
http://www.securitytracker.com/id/1039954
https://access.redhat.com/errata/RHSA-2017:3382
https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html
https://www.debian.org/security/2017/dsa-4062
https://www.mozilla.org/security/advisories/mfsa2017-27/
https://www.mozilla.org/security/advisories/mfsa2017-28/
http://www.securityfocus.com/bid/102039
http://www.securityfocus.com/bid/102112
http://www.securitytracker.com/id/1039954
https://access.redhat.com/errata/RHSA-2017:3382
https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html
https://www.debian.org/security/2017/dsa-4062
https://www.mozilla.org/security/advisories/mfsa2017-27/
https://www.mozilla.org/security/advisories/mfsa2017-28/