Main Vulnerability Database Vulnerabilities #VU6345

Information disclosure in Mozilla Firefox - CVE-2017-5468

Published: April 19, 2017

Vulnerability identifier: #VU6345

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-5468

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error connected with incorrect ownership model of privateBrowsing. An attacker can expose certain sensitive data through developer tools. This can result in a non-exploitable crash when manually triggered during debugging.

How to mitigate CVE-2017-5468

Update to Firefox 53.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/

Information disclosure in Mozilla Firefox - CVE-2017-5468

Detailed vulnerability description

How to mitigate CVE-2017-5468

Sources

Please verify you're human