PT-2017-4017 · Mozilla+2 · Firefox+2

Anne Van Kesteren

Publicado

2017-01-28

Atualizado

2024-12-12

CVE-2017-7797

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 55

Description The issue is related to the lack of same-origin protections for response header name interning, allowing stored header names to be available cross-origin. This could potentially enable a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 55, update to a version 55 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update can be applied.

Exploit

Correção

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-346

Identificadores relacionados

ALT-PU-2017-2060

ALT-PU-2018-1854

BDU:2021-00121

CVE-2017-7797

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-3391-1

USN-3391-2

USN-3391-3

Produtos afetados

Alt Linux

Firefox

Ubuntu

PT-2017-4017 · Mozilla+2 · Firefox+2

CVE-2017-7797

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1908