Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2017-5378 - log back

CVE-2017-5378 created at 25 Sep 2019 19:31:40

Severity

+

High

Remote

+

Remote

Type

+	Information disclosure

Description

+

An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.

References

+	https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
+	https://bugzilla.mozilla.org/show_bug.cgi?id=1312001
+	https://bugzilla.mozilla.org/show_bug.cgi?id=1330769

Notes