CVE-2017-5378

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5378

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5378.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-5378

Downstream

DEBIAN-CVE-2017-5378

DLA-800-1

DLA-896-1

DSA-3771-1

DSA-3832-1

RHSA-2017:0190

RHSA-2017:0238

SUSE-SU-2017:0426-1

SUSE-SU-2017:0427-1

UBUNTU-CVE-2017-5378

USN-3165-1

USN-3175-1

openSUSE-SU-2017:0354-1

openSUSE-SU-2017:0357-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2018-06-11T21:29:02Z

Modified

2025-08-09T20:01:28Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

References

Affected packages