First Last Prev Next    This bug is not in your last search results.
Bug 1072034 - (CVE-2017-7843) VUL-0: CVE-2017-7843: MozillaFirefox: Web worker in Private Browsing mode can write IndexedDB data
(CVE-2017-7843)
VUL-0: CVE-2017-7843: MozillaFirefox: Web worker in Private Browsing mode can...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: unspecified
Assigned To: Petr Cerny
Security Team bot
https://smash.suse.de/issue/196080/
CVSSv2:SUSE:CVE-2017-7843:5.0:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-09 20:07 UTC by Andreas Stieger
Modified: 2020-06-11 16:26 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Andreas Stieger 2017-12-09 20:13:48 UTC 
from https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/
from https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/

- CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting.
References

bmo#1410106

Fixed in 57.0.1, 52.5.2 ESR

Already fixed in Factory, amending changelog.
Comment 2 Bernhard Wiedemann 2017-12-10 12:50:05 UTC 
This is an autogenerated message for OBS integration:
This bug (1072034) was mentioned in
https://build.opensuse.org/request/show/555659 42.2+42.3 / MozillaFirefox
Comment 3 Bernhard Wiedemann 2017-12-11 09:10:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1072034) was mentioned in
https://build.opensuse.org/request/show/555866 Factory / MozillaFirefox
Comment 4 Swamp Workflow Management 2017-12-12 20:08:41 UTC 
openSUSE-SU-2017:3272-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1072034
CVE References: CVE-2017-7843
Sources used:
openSUSE Leap 42.3 (src):    MozillaFirefox-52.5.2-69.1
openSUSE Leap 42.2 (src):    MozillaFirefox-52.5.2-57.24.1
Comment 6 Marcus Meissner 2019-07-18 07:23:04 UTC 
fixed in our current ESR streams
First Last Prev Next    This bug is not in your last search results.