SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Mozilla Firefox
Vendors:   Mozilla.org
(CentOS Issues Fix) Mozilla Firefox Flaws Let Remote Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1039971
SecurityTracker URL:  http://securitytracker.com/id/1039971
CVE Reference:   CVE-2017-7843
Date:  Dec 6 2017
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 57.0.1
Description:   Two vulnerabilities were reported in Mozilla Firefox. A remote user can obtain potentially sensitive information on the target system.

A remote user can create specially crafted HTML that, when loaded by the target user in Private Browsing mode, writes data to IndexedDB that persists across multiple Private Browsing sessions [CVE-2017-7843].

A remote user can create a specially crafted SVG image that, when loaded by the target user, queries the user's browsing history and determines which other pages the user has visited [CVE-2017-7844]. Version 57 is affected.

Daniel Jackson and Konark reported these vulnerabilities.

Impact:   A remote user can obtain potentially sensitive information on the target system.
Solution:   CentOS has issued a fix for CVE-2017-7843.

CentOS 6 (sha256sum, filename):

i386:
423f01809c25b267fabc16336ab7a9513be96506438f605b10c14c4f6697b145 firefox-52.5.1-1.el6.centos.i686.rpm

x86_64:
423f01809c25b267fabc16336ab7a9513be96506438f605b10c14c4f6697b145 firefox-52.5.1-1.el6.centos.i686.rpm
0200c4ceef78fb2a81b758b473057e6d0a5d9cbc26c9ca2c42f99332f82114ed firefox-52.5.1-1.el6.centos.x86_64.rpm

Source:
6c3c3d2c15ff04f1cf73561eb333cb530ac987a2afc9eff5397db992551d7c68 firefox-52.5.1-1.el6.centos.src.rpm

CentOS 7 (sha256sum, filename):

x86_64:
14a525608f4f2656df2f503297ababd134a15a99eb7a00e4e24840f4d64cf574 firefox-52.5.1-1.el7.centos.i686.rpm
2a37ad2b382026d8e97e43f000e8307662db8daad638c0c0f1963030ccd79d04 firefox-52.5.1-1.el7.centos.x86_64.rpm

Source:
7564ce23fdee23f4d8805f19a68ff73ad9c026f7f7d732c0d91ae04f3320854f firefox-52.5.1-1.el7.centos.src.rpm

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Dec 5 2017 Mozilla Firefox Flaws Let Remote Users Obtain Potentially Sensitive Information on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:3382 Important CentOS 6 firefox Security Update


CentOS Errata and Security Advisory 2017:3382 Important 

Upstream details at : https://access.redhat.com/errata/RHSA-2017:3382

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
423f01809c25b267fabc16336ab7a9513be96506438f605b10c14c4f6697b145  firefox-52.5.1-1.el6.centos.i686.rpm

x86_64:
423f01809c25b267fabc16336ab7a9513be96506438f605b10c14c4f6697b145  firefox-52.5.1-1.el6.centos.i686.rpm
0200c4ceef78fb2a81b758b473057e6d0a5d9cbc26c9ca2c42f99332f82114ed  firefox-52.5.1-1.el6.centos.x86_64.rpm

Source:
6c3c3d2c15ff04f1cf73561eb333cb530ac987a2afc9eff5397db992551d7c68  firefox-52.5.1-1.el6.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
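
The announcement above lists packages as "sha256sum Filename" lines under architecture headings, with the i686 build repeated under both i386 and x86_64. The following is an added example, not part of the CentOS announcement or the SecurityTracker entry, that parses that layout and checks a downloaded file against it; the package name and contents in the demo are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "sha256sum  Filename" entry as laid out in the announcement body.
ENTRY = re.compile(r"^([0-9a-f]{64})\s+(\S+\.rpm)$")

def parse_announce(text):
    """Map filename -> sha256 from an announcement body.

    A package may sit under several architecture headings, so identical
    repeats are merged; two different digests for one name are rejected.
    """
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # architecture headings, prose, signature block
        digest, name = m.groups()
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests listed for {name}")
    return expected

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, expected):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file."""
    name = Path(path).name
    if name not in expected:
        return "unlisted"
    return "ok" if sha256_file(path) == expected[name] else "mismatch"

if __name__ == "__main__":
    # Constructed sample: a stand-in file and a matching announcement body.
    data = b"constructed stand-in for an RPM payload"
    digest = hashlib.sha256(data).hexdigest()
    name = "demo-1.0-1.el6.i686.rpm"  # hypothetical package name
    body = f"i386:\n{digest}  {name}\n\nx86_64:\n{digest}  {name}\n"
    with tempfile.TemporaryDirectory() as tmp:
        rpm = Path(tmp, name)
        rpm.write_bytes(data)
        print(verify(rpm, parse_announce(body)))  # ok
        rpm.write_bytes(data + b"tampered")
        print(verify(rpm, parse_announce(body)))  # mismatch
```

A file reported as "unlisted" is one whose name does not appear in the announcement at all, which is distinct from a digest mismatch and worth treating separately when mirrors are still syncing.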
 
 



Copyright 2020, SecurityGlobal.net LLC