CVE-2017-5408

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.
Group Package Affected Fixed Severity Status Ticket
AVG-194 firefox 51.0.1-1 52.0-1 Critical Fixed
AVG-193 thunderbird 45.7.1-3 45.8.0-1 Critical Fixed
Date Advisory Group Package Severity Description
10 Mar 2017 ASA-201703-3 AVG-194 firefox Critical multiple issues
10 Mar 2017 ASA-201703-2 AVG-193 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
https://bugzilla.mozilla.org/show_bug.cgi?id=1313711