Bug ID: 1072034
Summary: VUL-0: CVE-2017-7843,CVE-2017-7844: MozillaFirefox: Security vulnerabilities fixed in Firefox 57.0.1
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: astieger@suse.com
QA Contact: qa-bugs@suse.de
CC: wolfgang@rosenauer.org
Found By: Security Response Team
Blocker: ---

from https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/

- CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data

When Private Browsing mode is used, it is possible for a web worker to write
persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should
not be available in Private Browsing mode and this stored data will persist
across multiple private browsing mode sessions because it is not cleared when
exiting.
References

bmo#1410106

- CVE-2017-7844: Visited history information leak through SVG image

A combination of an external SVG image referenced on a page and the coloring of
anchor links stored within this image can be used to determine which pages a
user has in their history. This can allow a malicious website to query user
history.
Note: This issue only affects Firefox 57. Earlier releases are not affected.

bmo#1420001

