CVE-2017-5407 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Mozilla	Firefox Firefox Esr Thunderbird
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Eus Enterprise Linux Workstation

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
firefox-0:45.8.0-2.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2017:0459	2017-03-08T00:00:00Z
thunderbird-0:45.8.0-1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2017:0498	2017-03-14T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:45.8.0-2.el6_8	cpe:/o:redhat:enterprise_linux:6	RHSA-2017:0459	2017-03-08T00:00:00Z
thunderbird-0:45.8.0-1.el6_8	cpe:/o:redhat:enterprise_linux:6	RHSA-2017:0498	2017-03-14T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:52.0-4.el7_3	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:0461	2017-03-08T00:00:00Z
thunderbird-0:45.8.0-1.el7_3	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:0498	2017-03-14T00:00:00Z

Link	Providers
http://rhn.redhat.com/errata/RHSA-2017-0459.html
http://rhn.redhat.com/errata/RHSA-2017-0461.html
http://rhn.redhat.com/errata/RHSA-2017-0498.html
http://www.securityfocus.com/bid/96693
http://www.securitytracker.com/id/1037966
https://bugzilla.mozilla.org/show_bug.cgi?id=1336622
https://nvd.nist.gov/vuln/detail/CVE-2017-5407
https://security.gentoo.org/glsa/201705-06
https://security.gentoo.org/glsa/201705-07
https://www.cve.org/CVERecord?id=CVE-2017-5407
https://www.debian.org/security/2017/dsa-3805
https://www.debian.org/security/2017/dsa-3832
https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407
https://www.mozilla.org/security/advisories/mfsa2017-05/
https://www.mozilla.org/security/advisories/mfsa2017-06/
https://www.mozilla.org/security/advisories/mfsa2017-07/
https://www.mozilla.org/security/advisories/mfsa2017-09/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "52", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "45.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "52", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "45.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2017-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."}], "problemTypes": [{"descriptions": [{"description": "Pixel and history stealing via floating-point timing side channel with SVG filters", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-12T09:57:01", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "96693", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96693"}, {"name": "RHSA-2017:0459", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"}, {"name": "DSA-3832", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3832"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"}, {"name": "1037966", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037966"}, {"name": "GLSA-201705-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201705-06"}, {"name": "RHSA-2017:0461", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"}, {"name": "DSA-3805", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3805"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"}, {"name": "RHSA-2017:0498", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"}, {"name": "GLSA-201705-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201705-07"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2017-5407", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "52"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "45.8"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "52"}, {"version_affected": "<", "version_value": "45.8"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Pixel and history stealing via floating-point timing side channel with SVG filters"}]}]}, "references": {"reference_data": [{"name": "96693", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96693"}, {"name": "RHSA-2017:0459", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"}, {"name": "DSA-3832", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3832"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2017-07/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"}, {"name": "1037966", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037966"}, {"name": "GLSA-201705-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201705-06"}, {"name": "RHSA-2017:0461", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"}, {"name": "DSA-3805", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3805"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2017-06/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"}, {"name": "RHSA-2017:0498", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"}, {"name": "GLSA-201705-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201705-07"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:55:35.801Z"}, "title": "CVE Program Container", "references": [{"name": "96693", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96693"}, {"name": "RHSA-2017:0459", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"}, {"name": "DSA-3832", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-3832"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"}, {"name": "1037966", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037966"}, {"name": "GLSA-201705-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201705-06"}, {"name": "RHSA-2017:0461", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"}, {"name": "DSA-3805", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-3805"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"}, {"name": "RHSA-2017:0498", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"}, {"name": "GLSA-201705-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201705-07"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2017-5407", "datePublished": "2018-06-11T21:00:00", "dateReserved": "2017-01-13T00:00:00", "dateUpdated": "2024-08-05T14:55:35.801Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Firefox (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 52 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

product : Firefox ESR (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 45.8 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

2 : { »

product : Thunderbird (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 52 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

1 : { »

lessThan : 45.8 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

datePublic : 2017-03-07T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Pixel and history stealing via floating-point timing side channel with SVG filters (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-06-12T09:57:01 (string)

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

}

references : [ »

0 : { »

name : 96693 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/96693 (string)

}

1 : { »

name : RHSA-2017:0459 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0459.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-09/ (string)

}

4 : { »

name : DSA-3832 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : https://www.debian.org/security/2017/dsa-3832 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-07/ (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-05/ (string)

}

7 : { »

name : 1037966 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1037966 (string)

}

8 : { »

name : GLSA-201705-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201705-06 (string)

}

9 : { »

name : RHSA-2017:0461 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0461.html (string)

}

10 : { »

name : DSA-3805 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : https://www.debian.org/security/2017/dsa-3805 (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-06/ (string)

}

12 : { »

name : RHSA-2017:0498 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0498.html (string)

}

13 : { »

name : GLSA-201705-07 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201705-07 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@mozilla.org (string)

ID : CVE-2017-5407 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Firefox (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 52 (string)

}

]

}

1 : { »

product_name : Firefox ESR (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 45.8 (string)

}

]

}

2 : { »

product_name : Thunderbird (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 52 (string)

}

1 : { »

version_affected : < (string)

version_value : 45.8 (string)

}

]

}

]

}

vendor_name : Mozilla (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Pixel and history stealing via floating-point timing side channel with SVG filters (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 96693 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/96693 (string)

}

1 : { »

name : RHSA-2017:0459 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0459.html (string)

}

2 : { »

name : https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 (string)

refsource : CONFIRM (string)

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 (string)

}

3 : { »

name : https://www.mozilla.org/security/advisories/mfsa2017-09/ (string)

refsource : CONFIRM (string)

url : https://www.mozilla.org/security/advisories/mfsa2017-09/ (string)

}

4 : { »

name : DSA-3832 (string)

refsource : DEBIAN (string)

url : https://www.debian.org/security/2017/dsa-3832 (string)

}

5 : { »

name : https://www.mozilla.org/security/advisories/mfsa2017-07/ (string)

refsource : CONFIRM (string)

url : https://www.mozilla.org/security/advisories/mfsa2017-07/ (string)

}

6 : { »

name : https://www.mozilla.org/security/advisories/mfsa2017-05/ (string)

refsource : CONFIRM (string)

url : https://www.mozilla.org/security/advisories/mfsa2017-05/ (string)

}

7 : { »

name : 1037966 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1037966 (string)

}

8 : { »

name : GLSA-201705-06 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201705-06 (string)

}

9 : { »

name : RHSA-2017:0461 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0461.html (string)

}

10 : { »

name : DSA-3805 (string)

refsource : DEBIAN (string)

url : https://www.debian.org/security/2017/dsa-3805 (string)

}

11 : { »

name : https://www.mozilla.org/security/advisories/mfsa2017-06/ (string)

refsource : CONFIRM (string)

url : https://www.mozilla.org/security/advisories/mfsa2017-06/ (string)

}

12 : { »

name : RHSA-2017:0498 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2017-0498.html (string)

}

13 : { »

name : GLSA-201705-07 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201705-07 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T14:55:35.801Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 96693 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/96693 (string)

}

1 : { »

name : RHSA-2017:0459 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0459.html (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-09/ (string)

}

4 : { »

name : DSA-3832 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : https://www.debian.org/security/2017/dsa-3832 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-07/ (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-05/ (string)

}

7 : { »

name : 1037966 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1037966 (string)

}

8 : { »

name : GLSA-201705-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201705-06 (string)

}

9 : { »

name : RHSA-2017:0461 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0461.html (string)

}

10 : { »

name : DSA-3805 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : https://www.debian.org/security/2017/dsa-3805 (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-06/ (string)

}

12 : { »

name : RHSA-2017:0498 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0498.html (string)

}

13 : { »

name : GLSA-201705-07 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201705-07 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

assignerShortName : mozilla (string)

cveId : CVE-2017-5407 (string)

datePublished : 2018-06-11T21:00:00 (string)

dateReserved : 2017-01-13T00:00:00 (string)

dateUpdated : 2024-08-05T14:55:35.801Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "6239EC26-A3A1-4FD4-B96F-F47B09C0CA00", "versionEndExcluding": "52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "55EF46FB-6727-4FAC-943E-E5CC4F8CCBF7", "versionEndExcluding": "45.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "B87A8A50-E690-4827-B3BE-75B35A14E1D6", "versionEndExcluding": "45.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "566987B8-698A-4EB8-8380-FA44DB228B81", "versionEndExcluding": "52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."}, {"lang": "es", "value": "Mediante el uso de filtros SVG que no emplean la implementaci\u00f3n de matem\u00e1tica de punto fijo en un iframe objetivo, una p\u00e1gina maliciosa puede extraer valores de p\u00edxeles de un usuario objetivo. Esto puede emplearse para extraer informaci\u00f3n de historial y leer valores de texto en dominios. Esto viola la pol\u00edtica del mismo origen y conduce a una divulgaci\u00f3n de informaci\u00f3n. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones anteriores a la 45.8, Thunderbird en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 45.8."}], "id": "CVE-2017-5407", "lastModified": "2024-11-21T03:27:33.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-11T21:29:04.373", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96693"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037966"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201705-06"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201705-07"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3805"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3832"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201705-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201705-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3832"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1D8B549B-E57B-4DFE-8A13-CAB06B5356B3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 142AD0DD-4CF3-4D74-9442-459CE3347E3A (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 133AAFA7-AF42-4D7B-8822-AA2E85611BF5 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 33C068A4-3780-4EAB-A937-6082DF847564 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 54D669D4-6D7E-449D-80C1-28FA44F06FFE (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9BBCD86A-E6C7-4444-9D74-F861084090F0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 51EF4996-72F4-4FA4-814F-F5991E7A8318 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 98381E61-F082-4302-B51F-5648884F998B (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : D99A687E-EAE6-417E-A88E-D0082BC194CD (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : A8442C20-41F9-47FD-9A12-E724D3A31FD7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* (string)

matchCriteriaId : A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D0AC5CD5-6E58-433C-9EB3-6DFE5656463E (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E5ED5807-55B7-47C5-97A6-03233F4FBC3A (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 825ECE2D-E232-46E0-A047-074B34DB1E97 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6239EC26-A3A1-4FD4-B96F-F47B09C0CA00 (string)

versionEndExcluding : 52.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 55EF46FB-6727-4FAC-943E-E5CC4F8CCBF7 (string)

versionEndExcluding : 45.8.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B87A8A50-E690-4827-B3BE-75B35A14E1D6 (string)

versionEndExcluding : 45.8.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 566987B8-698A-4EB8-8380-FA44DB228B81 (string)

versionEndExcluding : 52.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (string)

}

1 : { »

lang : es (string)

value : Mediante el uso de filtros SVG que no emplean la implementación de matemática de punto fijo en un iframe objetivo, una página maliciosa puede extraer valores de píxeles de un usuario objetivo. Esto puede emplearse para extraer información de historial y leer valores de texto en dominios. Esto viola la política del mismo origen y conduce a una divulgación de información. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones anteriores a la 45.8, Thunderbird en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 45.8. (string)

}

]

id : CVE-2017-5407 (string)

lastModified : 2024-11-21T03:27:33.110 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-06-11T21:29:04.373 (string)

references : [ »

0 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0459.html (string)

}

1 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0461.html (string)

}

2 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0498.html (string)

}

3 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/96693 (string)

}

4 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1037966 (string)

}

5 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Vendor Advisory (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 (string)

}

6 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201705-06 (string)

}

7 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201705-07 (string)

}

8 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2017/dsa-3805 (string)

}

9 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2017/dsa-3832 (string)

}

10 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-05/ (string)

}

11 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-06/ (string)

}

12 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-07/ (string)

}

13 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-09/ (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0459.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0461.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2017-0498.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/96693 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1037966 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Vendor Advisory (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201705-06 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201705-07 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2017/dsa-3805 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2017/dsa-3832 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-05/ (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-06/ (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-07/ (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2017-09/ (string)

}

]

sourceIdentifier : security@mozilla.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Kohlbrenner as the original reporter.", "affected_release": [{"advisory": "RHSA-2017:0459", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:45.8.0-2.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2017-03-08T00:00:00Z"}, {"advisory": "RHSA-2017:0498", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "thunderbird-0:45.8.0-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2017-03-14T00:00:00Z"}, {"advisory": "RHSA-2017:0459", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:45.8.0-2.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-03-08T00:00:00Z"}, {"advisory": "RHSA-2017:0498", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:45.8.0-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-03-14T00:00:00Z"}, {"advisory": "RHSA-2017:0461", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:52.0-4.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-03-08T00:00:00Z"}, {"advisory": "RHSA-2017:0498", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:45.8.0-1.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-03-14T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)", "id": "1429782", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429782"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "details": ["Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."], "name": "CVE-2017-5407", "public_date": "2017-03-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-5407\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5407\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407"], "threat_severity": "Moderate"}

{

acknowledgement : Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Kohlbrenner as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2017:0459 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : firefox-0:45.8.0-2.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2017-03-08T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2017:0498 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : thunderbird-0:45.8.0-1.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2017-03-14T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2017:0459 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : firefox-0:45.8.0-2.el6_8 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2017-03-08T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2017:0498 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : thunderbird-0:45.8.0-1.el6_8 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2017-03-14T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2017:0461 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : firefox-0:52.0-4.el7_3 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2017-03-08T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2017:0498 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : thunderbird-0:45.8.0-1.el7_3 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2017-03-14T00:00:00Z (string)

}

]

bugzilla : { »

description : Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06) (string)

id : 1429782 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1429782 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.3 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

status : verified (string)

}

cvss3 : { »

cvss3_base_score : 6.1 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

status : verified (string)

}

details : [ »

0 : Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. (string)

]

name : CVE-2017-5407 (string)

public_date : 2017-03-07T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2017-5407 https://nvd.nist.gov/vuln/detail/CVE-2017-5407 https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object