CVE-2017-5378

Source
Severity High
Remote Yes
Type Information disclosure
Description
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.
Group Package Affected Fixed Severity Status Ticket
AVG-158 thunderbird 45.6.0-1 45.7.0-1 Critical Fixed
AVG-157 firefox 50.1.0-1 51.0.1-1 Critical Fixed
Date Advisory Group Package Severity Description
29 Jan 2017 ASA-201701-40 AVG-158 thunderbird Critical multiple issues
29 Jan 2017 ASA-201701-39 AVG-157 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
https://bugzilla.mozilla.org/show_bug.cgi?id=1312001
https://bugzilla.mozilla.org/show_bug.cgi?id=1330769