CVE-2017-5378
Publication date 25 January 2017
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | ||
16.04 LTS xenial |
Fixed 51.0.1+build2-0ubuntu0.16.04.1
|
|
14.04 LTS trusty |
Fixed 51.0.1+build2-0ubuntu0.14.04.1
|
|
thunderbird | ||
16.04 LTS xenial |
Fixed 1:45.7.0+build1-0ubuntu0.16.04.1
|
|
14.04 LTS trusty |
Fixed 1:45.7.0+build1-0ubuntu0.14.04.1
|
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3175-1
- Firefox vulnerabilities
- 27 January 2017
- USN-3165-1
- Thunderbird vulnerabilities
- 28 January 2017