4.3
CVSSv2

CVE-2017-7830

Published: 11/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Vulnerability Trend

Affected Products

Vendor Product Versions
MozillaFirefox-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.6.1, 0.7, 0.7.1, 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.4.1, 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.8, 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.14, 2.0.0.15, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.20, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.5, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.14, 3.5.15, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.6, 3.6.2, 3.6.3, 3.6.4, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.20, 3.6.21, 3.6.22, 3.6.23, 3.6.24, 3.6.25, 3.6.26, 3.6.27, 3.6.28, 4.0, 4.0.1, 5.0, 5.0.1, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 8.0.1, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 11.0, 12.0, 13.0, 13.0.1, 14.0, 14.0.1, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 18.0, 18.0.1, 18.0.2, 19.0, 19.0.1, 19.0.2, 20.0, 20.0.1, 21.0, 22.0, 23.0, 23.0.1, 24.0, 24.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 25.0.1, 26.0, 27.0, 27.0.1, 28.0, 29.0, 29.0.1, 30.0, 31.0, 31.1.0, 31.1.1, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.5.2, 31.5.3, 31.6.0, 31.7.0, 31.8.0, 32.0, 32.0.1, 32.0.2, 32.0.3, 33.0, 33.0.1, 33.0.2, 33.0.3, 33.1, 33.1.1, 34.0, 34.0.5, 35.0, 35.0.1, 36.0, 36.0.1, 36.0.3, 36.0.4, 37.0, 37.0.1, 37.0.2, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 39.0, 39.0.3, 40.0, 40.0.2, 40.0.3, 41.0, 41.0.1, 41.0.2, 42.0, 43.0, 43.0.1, 43.0.2, 43.0.3, 43.0.4, 44.0, 44.0.1, 44.0.2, 45.0, 45.0.1, 45.0.2, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 46.0, 46.0.1, 47.0, 47.0.1, 47.0.2, 48.0, 48.0.1, 48.0.2, 49.0, 49.0.1, 49.0.2, 50, 50.0, 50.0.1, 50.0.2, 50.1.0, 51.0, 51.0.1, 51.0.3, 52.0, 52.0.1, 52.0.2, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0, 53.0.2, 53.0.3, 54.0, 54.0.1, 55.0, 55.0.1, 55.0.2, 55.0.3, 56.0, 56.0.1, 56.0.2
MozillaFirefox Esr10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 24.0, 24.0.1, 24.0.2, 24.1.0, 24.1.1, 24.2, 24.3, 24.4, 24.5, 24.6, 24.7, 24.8, 31.0, 31.1, 31.1.0, 31.1.1, 31.2, 31.3, 31.3.0, 31.4, 31.5, 31.5.1, 31.5.2, 31.5.3, 31.6, 31.7, 31.8, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 45.0, 45.0.1, 45.0.2, 45.1.0, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 52.0, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1
MozillaThunderbird-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.7.1, 0.7.2, 0.7.3, 0.8, 0.9, 1.0, 1.0.2, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1, 1.5, 1.5.0.2, 1.5.0.4, 1.5.0.5, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.12, 1.5.0.13, 1.5.0.14, 2.0, 2.0.0.0, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.9, 2.0.0.12, 2.0.0.14, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.21, 2.0.0.22, 2.0.0.23, 2.0.0.24, 2.0.14, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 3.3, 5.0, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 11.0, 11.0.1, 12.0, 12.0.1, 13.0, 13.0.1, 14.0, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, 24.0, 24.0.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 26.0, 27.0, 28.0, 29.0, 30.0, 31.0, 31.1.0, 31.1.1, 31.1.2, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.8.0, 32.0, 33.0, 34.0, 36.0, 37.0, 38.0, 38.0.1, 38.1.0, 38.2.0, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.6.0, 38.7.0, 38.7.1, 38.7.2, 38.8.0, 40.0, 41.0, 42.0, 43.0, 44.0, 45.0, 45.1, 45.1.0, 45.1.1, 45.2, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.7.1, 45.8.0, 47.0, 49.0, 50.0, 51.0, 52.0, 52.0.1, 52.1.0, 52.1.1, 52.2.0, 52.2.1, 52.3.0, 52.4.0
DebianDebian Linux7.0, 8.0, 9.0
RedhatEnterprise Linux Desktop6.0, 7.0
RedhatEnterprise Linux Server6.0, 7.0
RedhatEnterprise Linux Server Aus7.4
RedhatEnterprise Linux Server Eus7.4, 7.5
RedhatEnterprise Linux Workstation6.0, 7.0

Vendor Advisories

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerab ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scori ...
Several security issues were fixed in Thunderbird ...
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service For the oldstable distribution (jessie), these problems have been fixed in version 1:5250-1~deb8u1 For the stable distribution (stretch), these problems have been fixed in version 1:5250-1~deb9u1 We recommend that y ...
The Resource Timing API incorrectly revealed navigations in cross-origin iframes This is a same-origin policy violation and could allow for data theft of URLs loaded by users This vulnerability affects Firefox &lt; 57, Firefox ESR &lt; 525, and Thunderbird &lt; 525 ...
Security vulnerabilities fixed in Firefox ESR 525 Announced November 14, 2017 Impact critical Products Firefox ESR Fixed in Firefox ESR 525 ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
Security vulnerabilities fixed in Thunderbird 525 Announced November 23, 2017 Impact critical Products Thunderbird Fixed in Thunderbird 525 ...
The Resource Timing API in Firefox before 570 and Thunderbird before 525 incorrectly revealed navigations in cross-origin iframes This is a same-origin policy violation and could allow for data theft of URLs loaded by users ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
Arch Linux Security Advisory ASA-201711-43 ========================================== Severity: Critical Date : 2017-11-30 CVE-ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830 Package : thunderbird Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-530 Summary ======= The package thunderbird before version 52 ...
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender's email addresses For the oldstable distribution (jessie), these problems have been fixed in version 1:5252-2~deb8u1 For the stable distribution (stretch), these problems hav ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
About Apple security updatesFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security updates page For more information about security, see the Apple Product Security page You can encrypt ...
USN-3477-1 caused a regression in Firefox ...
USN-3477-1 caused a regression in Firefox ...
USN-3477-1 caused some minor regressions in Firefox ...
Arch Linux Security Advisory ASA-201711-23 ========================================== Severity: Critical Date : 2017-11-15 CVE-ID : CVE-2017-7826 CVE-2017-7827 CVE-2017-7828 CVE-2017-7830 CVE-2017-7831 CVE-2017-7832 CVE-2017-7833 CVE-2017-7834 CVE-2017-7835 CVE-2017-7836 CVE-2017-7837 CVE-2017-7838 CVE-2017-7839 C ...
Security vulnerabilities fixed in Firefox 57 Announced November 14, 2017 Impact critical Products Firefox Fixed in Firefox 57 ...
Oracle Linux Bulletin - October 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...
Oracle Solaris Third Party Bulletin - October 2017 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critic ...