VDB
CVE-2017-5378
CVE-2017-5378
PUBLISHED
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
EPSS 1.59% · 82.0th percentile
Risk Scores
EPSS Score
1.59%
82.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | thunderbird | 0, 1:24.0+build1-0ubuntu2, 1:24.1.1+build1-0ubuntu0.13.10.1 |
| Ubuntu:16.04:LTS | thunderbird | 1:38.3.0+build1-0ubuntu2, *, 1:45.5.1+build1-0ubuntu0.16.04.1 |
| Ubuntu:16.04:LTS | firefox | *, 0, 42.0+build2-0ubuntu1 |
| Ubuntu:14.04:LTS | firefox | 45.0.2+build1-0ubuntu0.14.04.1, 46.0+build5-0ubuntu0.14.04.2, 46.0.1+build1-0ubuntu0.14.04.3 |
Exploit Intelligence
Timeline
- Jan 25, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5378 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5378 third-party-advisory
- https://ubuntu.com/security/notices/USN-3175-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3165-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5378 third-party-advisory