Security restrictions bypass in firefox-esr (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-7843 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
firefox-esr (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security restrictions bypass
EUVDB-ID: #VU9527
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7843
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in web worker while in Private Browsing mode due to improper input validation. A remote attacker can trick the victim into visiting a specially crafted website, bypass private-browsing protections and uniquely fingerprint visitors.to write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions.
Install update from vendor's website.
Vulnerable software versionsfirefox-esr (Alpine package): 52.5.0-r0
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=21febb02a03ed44bde98b19a5e38d54a2ac01c33
https://git.alpinelinux.org/aports/commit/?id=42d0fe5b17329c55a287471860d50478d65c8669
https://git.alpinelinux.org/aports/commit/?id=26701b74f891400a545844d0ba4f616001b15944
https://git.alpinelinux.org/aports/commit/?id=ce1893a60404d9954a620738b865fe7d085a0019
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
