PT-2016-3246 · Mozilla+5 · Firefox Esr+7

Oliver Wagner

·

Published

2016-12-11

·

Updated

2024-12-12

·

CVE-2017-7787

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 52.3 Firefox ESR versions prior to 52.3 Firefox versions prior to 55
Description The issue is related to the bypassing of same-origin policy protections on pages with embedded iframes during page reloads. This allows iframes to access content on the top-level page, leading to information disclosure. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information using iframes during page reload.
Recommendations For Thunderbird versions prior to 52.3, update to version 52.3 or later. For Firefox ESR versions prior to 52.3, update to version 52.3 or later. For Firefox versions prior to 55, update to version 55 or later.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2017-2019
ALT-PU-2017-2060
ALT-PU-2017-2093
ALT-PU-2018-1854
BDU:2018-00171
CESA-2017_2456
CESA-2017_2534
CVE-2017-7787
DLA-1053-1
DLA-1087-1
DSA-3928-1
DSA-3928-2
DSA-3968-1
MGASA-2017-0268
MGASA-2017-0303
MGASA-2018-0018
OPENSUSE-SU-2017:2209-1
OPENSUSE-SU-2017_2151-1
OPENSUSE-SU-2017_2209-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2017:2456
RHSA-2017:2534
RHSA-2017_2456
RHSA-2017_2534
SUSE-SU-2017:2302-1
SUSE-SU-2017:2589-1
USN-3391-1
USN-3391-2
USN-3391-3
USN-3416-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu