Lucene search

MozillaCVE-2017-7831

HistoryJun 11, 2018 - 9:29 p.m.

CVE-2017-7831

2018-06-1121:29:11

CWE-200

mozilla

web.nvd.nist.gov

cve-2017-7831

vulnerability

security wrapper

proxy objects

firefox

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

60.0%

JSON

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated “exposedProps” mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.

Affected configurations

Nvd

Vulners

Node

mozillafirefoxRange≤56.0.2

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "57",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]