CVE-2017-7787

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-7787

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7787.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-7787

Downstream

DEBIAN-CVE-2017-7787

DLA-1053-1

DLA-1087-1

DSA-3928-1

DSA-3968-1

RHSA-2017:2456

RHSA-2017:2534

SUSE-SU-2017:2302-1

SUSE-SU-2017:2589-1

UBUNTU-CVE-2017-7787

USN-3391-1

USN-3416-1

openSUSE-SU-2017:2209-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2018-06-11T21:29:09Z

Modified

2025-08-09T20:01:26Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

References

Affected packages