Vulnerability CVE-2017-7787: Information

Description

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-7787

Published: June 12, 2018

Modified: Aug. 3, 2018

Error type identifier: CWE-200

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	55.0.1-alt1	125.0.3-alt1	ALT-PU-2017-2060-1	187059	Fixed
firefox	p10	55.0.1-alt1	118.0.2-alt0.p10.1	ALT-PU-2017-2060-1	187059	Fixed
firefox	p9	55.0.1-alt1	105.0.1-alt0.c9.1	ALT-PU-2017-2060-1	187059	Fixed
firefox	p8	55.0.1-alt0.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2017-2069-1	187143	Fixed
firefox	c10f1	55.0.1-alt1	112.0.2-alt0.p10.1	ALT-PU-2017-2060-1	187059	Fixed
firefox	c9f2	55.0.1-alt1	105.0.1-alt0.c9.1	ALT-PU-2017-2060-1	187059	Fixed
firefox	c7	52.5.3-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2018-1225-1	200642	Fixed
firefox-esr	sisyphus	52.3.0-alt1	115.10.0-alt1	ALT-PU-2017-2019-1	186871	Fixed
firefox-esr	p10	52.3.0-alt1	115.10.0-alt1	ALT-PU-2017-2019-1	186871	Fixed
firefox-esr	p9	52.3.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-2019-1	186871	Fixed
firefox-esr	p8	52.3.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2017-2230-1	188380	Fixed
firefox-esr	c10f1	52.3.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2017-2019-1	186871	Fixed
firefox-esr	c9f2	52.3.0-alt1	102.12.0-alt0.c9.1	ALT-PU-2017-2019-1	186871	Fixed
thunderbird	sisyphus	52.3.0-alt1	115.9.0-alt1	ALT-PU-2017-2093-1	187298	Fixed
thunderbird	p10	52.3.0-alt1	115.9.0-alt1	ALT-PU-2017-2093-1	187298	Fixed
thunderbird	p9	52.3.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-2093-1	187298	Fixed
thunderbird	p8	52.3.0-alt0.M80P.1	60.8.0-alt0.M80P.1	ALT-PU-2017-2238-1	188382	Fixed
thunderbird	c10f1	52.3.0-alt1	115.9.0-alt0.c10.1	ALT-PU-2017-2093-1	187298	Fixed
thunderbird	c9f2	52.3.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2017-2093-1	187298	Fixed
thunderbird	c7	60.8.0-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-2345-1	234994	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2017-20/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-19/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-18/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1322896	Exploit Issue Tracking Vendor Advisory
DSA-3968	Third Party Advisory
DSA-3928	Third Party Advisory
GLSA-201803-14	Third Party Advisory
RHSA-2017:2534	Third Party Advisory
RHSA-2017:2456	Third Party Advisory
1039124	Third Party Advisory VDB Entry
100234	Third Party Advisory VDB Entry

Affected configurations:
1. Configuration 1
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  52.3
  
  Configuration 4
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  55.0
  
  Configuration 5
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  52.3

Version: v24.5.0

Vulnerability CVE-2017-7787: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5