CVE-2017-5378 Vulnerability Details

  /     /     /  

CVE-2017-5378 Metadata Quick Info

CVE Published: 11/06/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: mozilla | Vendor: Mozilla | Product: Thunderbird
Status : PUBLISHED

---

CVE-2017-5378 Description

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object\'s address can be discovered through hash codes, and also allows for data leakage of an object\'s content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Pointer and frame data leakage of Javascript objects
Source: Mozilla

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).