VDB
CVE-2017-7843
CVE-2017-7843
PUBLISHED
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
EPSS 0.88% · 75.7th percentile
Risk Scores
EPSS Score
0.88%
75.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | firefox | *, 0 |
| Ubuntu:14.04:LTS | firefox | 28.0+build1-0ubuntu1, 28.0+build2-0ubuntu1, 28.0+build2-0ubuntu2 |
| Ubuntu:16.04:LTS | firefox | 44.0+build3-0ubuntu2, 44.0.1+build1-0ubuntu1, 45.0.1+build1-0ubuntu1 |
Exploit Intelligence
Timeline
- Jun 11, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7843 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7843 third-party-advisory