When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities:

  - File downloads encoded with blob: and data: URL     elements bypassed normal file download checks though the     Phishing and Malware Protection feature and its block     lists of suspicious sites and files. This would allow     malicious sites to lure users into downloading     executables that would otherwise be detected as     suspicious. This vulnerability affects Firefox < 56,     Firefox ESR < 52.4, and Thunderbird < 52.4.
    (CVE-2017-7814)

  - A use-after-free vulnerability can occur in design mode     when image objects are resized if objects referenced     during the resizing have been freed from memory. This     results in a potentially exploitable crash. This     vulnerability affects Firefox < 56, Firefox ESR < 52.4,     and Thunderbird < 52.4. (CVE-2017-7819)

  - The content security policy (CSP) sandbox directive     did not create a unique origin for the document, causing     it to behave as if the allow-same-origin keyword were     always specified. This could allow a Cross-Site     Scripting (XSS) attack to be launched from unsafe     content. This vulnerability affects Firefox < 56,     Firefox ESR < 52.4, and Thunderbird < 52.4.
    (CVE-2017-7823)

  - A use-after-free vulnerability can occur when an editor     DOM node is deleted prematurely during tree traversal     while still bound to the document. This results in a     potentially exploitable crash. This vulnerability     affects Thunderbird < 52.3, Firefox ESR < 52.3, and     Firefox < 55. (CVE-2017-7809)

  - Memory safety bugs were reported in Firefox 54, Firefox     ESR 52.2, and Thunderbird 52.2. Some of these bugs     showed evidence of memory corruption and we presume that     with enough effort that some of these could be exploited     to run arbitrary code. This vulnerability affects     Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <     55. (CVE-2017-7779)

  - An out-of-bounds read occurs when applying style rules     to pseudo-elements, such as ::first-line, using cached     style data. This vulnerability affects Thunderbird <     52.3, Firefox ESR < 52.3, and Firefox < 55.
    (CVE-2017-7753)

  - A buffer overflow can occur when manipulating Accessible     Rich Internet Applications (ARIA) attributes within the     DOM. This results in a potentially exploitable crash.
    This vulnerability affects Thunderbird < 52.3, Firefox     ESR < 52.3, and Firefox < 55. (CVE-2017-7785)

  - A buffer overflow can occur when the image renderer     attempts to paint non-displayable SVG elements. This     results in a potentially exploitable crash. This     vulnerability affects Thunderbird < 52.3, Firefox ESR <     52.3, and Firefox < 55. (CVE-2017-7786)

  - Same-origin policy protections can be bypassed on pages     with embedded iframes during page reloads, allowing the     iframes to access content on the top level page, leading     to information disclosure. This vulnerability affects     Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <     55. (CVE-2017-7787)

  - A buffer overflow will occur when viewing a certificate     in the certificate manager if the certificate has an     extremely long object identifier (OID). This results in     a potentially exploitable crash. This vulnerability     affects Thunderbird < 52.3, Firefox ESR < 52.3, and     Firefox < 55. (CVE-2017-7792)

  - On pages containing an iframe, the data: protocol can     be used to create a modal alert that will render over     arbitrary domains following page navigation, spoofing of     the origin of the modal alert from the iframe content.
    This vulnerability affects Thunderbird < 52.3, Firefox     ESR < 52.3, and Firefox < 55. (CVE-2017-7791)

  - A use-after-free vulnerability can occur in WebSockets     when the object holding the connection is freed before     the disconnection operation is finished. This results in     an exploitable crash. This vulnerability affects     Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <     55. (CVE-2017-7800)

  - The Developer Tools feature suffers from a XUL injection     vulnerability due to improper sanitization of the web     page source code. In the worst case, this could allow     arbitrary code execution when opening a malicious page     with the style editor tool. This vulnerability affects     Firefox ESR < 52.3 and Firefox < 55. (CVE-2017-7798)

  - A use-after-free vulnerability can occur when     manipulating the DOM during the resize event of an image     element. If these elements have been freed due to a lack     of strong references, a potentially exploitable crash     may occur when the freed elements are accessed. This     vulnerability affects Thunderbird < 52.3, Firefox ESR <     52.3, and Firefox < 55. (CVE-2017-7802)

  - A use-after-free vulnerability can occur while re-     computing layout for a marquee element during window     resizing where the updated style object is freed while     still in use. This results in a potentially exploitable     crash. This vulnerability affects Thunderbird < 52.3,     Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7801)

  - A mechanism that uses AppCache to hijack a URL in a     domain using fallback by serving the files from a sub-     path on the domain. This has been addressed by requiring     fallback files be inside the manifest directory. This     vulnerability affects Thunderbird < 52.3, Firefox ESR <     52.3, and Firefox < 55. (CVE-2017-7807)

  - When a page's content security policy (CSP) header     contains a sandbox directive, other directives are     ignored. This results in the incorrect enforcement of     CSP. This vulnerability affects Thunderbird < 52.3,     Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7803)

  - A use-after-free vulnerability can occur when reading an     image observer during frame reconstruction after the     observer has been freed. This results in a potentially     exploitable crash. This vulnerability affects     Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <     55. (CVE-2017-7784)

  - A use-after-free vulnerability can occur when     manipulating arrays of Accessible Rich Internet     Applications (ARIA) elements within containers through     the DOM. This results in a potentially exploitable     crash. This vulnerability affects Firefox < 56, Firefox     ESR < 52.4, and Thunderbird < 52.4. (CVE-2017-7818)

  - A buffer overflow occurs when drawing and validating     elements with the ANGLE graphics library, used for WebGL     content. This is due to an incorrect value being passed     within the library during checks and results in a     potentially exploitable crash. This vulnerability     affects Firefox < 56, Firefox ESR < 52.4, and     Thunderbird < 52.4. (CVE-2017-7824)

  - Memory safety bugs were reported in Firefox 55 and     Firefox ESR 52.3. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort     that some of these could be exploited to run arbitrary     code. This vulnerability affects Firefox < 56, Firefox     ESR < 52.4, and Thunderbird < 52.4. (CVE-2017-7810)

  - A use-after-free vulnerability can occur in the Fetch     API when the worker or the associated window are freed     when still in use, resulting in a potentially     exploitable crash. This vulnerability affects Firefox <     56, Firefox ESR < 52.4, and Thunderbird < 52.4.
    (CVE-2017-7793)

  - A privacy flaw was discovered in Firefox. In Private     Browsing mode, a web worker could write persistent data     to IndexedDB, which was not cleared when exiting and     would persist across multiple sessions. A malicious     website could exploit the flaw to bypass private-     browsing protections and uniquely fingerprint visitors.
    (CVE-2017-7843)

  - A use-after-free vulnerability can occur when flushing     and resizing layout because the PressShell object has     been freed while still in use. This results in a     potentially exploitable crash during these operations.
    This vulnerability affects Firefox < 57, Firefox ESR <     52.5, and Thunderbird < 52.5. (CVE-2017-7828)

  - Memory safety bugs were reported in Firefox 56 and     Firefox ESR 52.4. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort     that some of these could be exploited to run arbitrary     code. This vulnerability affects Firefox < 57, Firefox     ESR < 52.5, and Thunderbird < 52.5. (CVE-2017-7826)

  - The Resource Timing API incorrectly revealed navigations     in cross-origin iframes. This is a same-origin policy     violation and could allow for data theft of URLs loaded     by users. This vulnerability affects Firefox < 57,     Firefox ESR < 52.5, and Thunderbird < 52.5.
    (CVE-2017-7830)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities:

  - A privacy flaw was discovered in Firefox. In Private     Browsing mode, a web worker could write persistent data     to IndexedDB, which was not cleared when exiting and     would persist across multiple sessions. A malicious     website could exploit the flaw to bypass private-     browsing protections and uniquely fingerprint visitors.
    (CVE-2017-7843)

  - A use-after-free vulnerability can occur when flushing     and resizing layout because the PressShell object has     been freed while still in use. This results in a     potentially exploitable crash during these operations.
    This vulnerability affects Firefox < 57, Firefox ESR <     52.5, and Thunderbird < 52.5. (CVE-2017-7828)

  - Memory safety bugs were reported in Firefox 56 and     Firefox ESR 52.4. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort     that some of these could be exploited to run arbitrary     code. This vulnerability affects Firefox < 57, Firefox     ESR < 52.5, and Thunderbird < 52.5. (CVE-2017-7826)

  - The Resource Timing API incorrectly revealed navigations     in cross-origin iframes. This is a same-origin policy     violation and could allow for data theft of URLs loaded     by users. This vulnerability affects Firefox < 57,     Firefox ESR < 52.5, and Thunderbird < 52.5.
    (CVE-2017-7830)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Versions of Mozilla Firefox ESR earlier than 52.5.2 are unpatched for the following vulnerabilities :

 - A flaw exists in the 'FactoryOp::CheckPermission()' function in 'dom/indexedDB/ActorsParent.cpp' that is triggered as a web worker in Private Browsing mode can write to IndexedDB. With a specially crafted web page, a context-dependent attacker can uniquely fingerprint a user even when browsing in Private Browsing mode. (CVE-2017-7843)
 - An overflow condition exists that is triggered as certain input is not properly validated when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2017-7845)

Versions of Mozilla Firefox earlier than 57.0.1 are unpatched for the following vulnerabilities :

 - A flaw exists in the 'PerDocumentStyleDataImpl::visited_styles_enabled()' function in 'servo/components/style/gecko/data.rs'. The issue is triggered when handling the CSS ':visited' selector for a document being used as an SVG image. With a specially crafted web page, a context-dependent attacker disclose visited history information. (CVE-2017-7844)
 - A flaw exists in the 'FactoryOp::CheckPermission()' function in 'dom/indexedDB/ActorsParent.cpp' that is triggered as a web worker in Private Browsing mode can write to IndexedDB. With a specially crafted web page, a context-dependent attacker can uniquely fingerprint a user even when browsing in Private Browsing mode. (CVE-2017-7843)

Versions of Mozilla Firefox earlier than 57 are unpatched for the following vulnerabilities :

 - A race condition exists in 'dom/media/systemservices/MediaParent.cpp' that is triggered when getting deviceId keys. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in 'js/src/proxy/DeadObjectProxy.cpp' that is triggered when handling object proxies. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in 'xpcom/threads/SystemGroup.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An overflow condition exists in the 'nr_transport_addr_fmt_ifname_addr_string()' function in 'media/mtransport/third_party/nICEr/src/net/transport_addr.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a stack-based buffer overflow and potentially execute arbitrary code.
 - A flaw exists in the 'nsNodeUtils::CloneAndAdopt()' function in 'dom/base/nsNodeUtils.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'GPUProcessHost::OnChannelClosed()' function in 'gfx/ipc/GPUProcessHost.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in 'gfx/layers/AtomicRefCountedWithFinalize.h' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'NewReactionRecord()' function in 'js/src/builtin/Promise.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'VerifyCMSDetachedSignatureIncludingCertificate()' function in 'security/manager/ssl/nsDataSignatureVerifier.cpp' that is triggered when handling PKCS#7 signedData content. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'ContainerLayerComposite::mPrepared()' function in 'gfx/layers/composite/ContainerLayerComposite.cpp' that is triggered when handling layers. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'MArgumentsLength::computeRange()' function in 'js/src/jit/RangeAnalysis.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free error exists in 'widget/windows/AudioSession.cpp' that is triggered when handling AudioSession objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - An unspecified flaw exists that is triggered when handling WebGL texture images. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free flaw exists in the 'nsDocShell::~nsDocShell()' function in 'docshell/base/nsDocShell.cpp' that is triggered when notifying observers. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in the 'CleanupOSFileConstants()' function in 'dom/system/OSFileConstants.cpp' related to use of uninitialized memory. This may allow a context-dependent attacker to potentially execute arbitrary code.
 - A flaw exists in the 'ApplicationReputationService::~ApplicationReputationService()' function in 'toolkit/components/downloads/ApplicationReputation.cpp' that is triggered as certain pointers are not properly cleared. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'EnumerableOwnProperties()' function in 'js/src/builtin/Object.cpp' that is triggered when rooting objects. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free flaw exists in the 'CompositorBridgeChild::RecvDidComposite()' function in 'gfx/layers/ipc/CompositorBridgeChild.cpp' that is triggered when handling texture pools. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in the 'nsViewManager::~nsViewManager()' function in 'view/nsViewManager.cpp' that is triggered as the PresShell object is not properly handled. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'TLSFilterTransaction::Close()' function in 'netwerk/protocol/http/TunnelUtils.cpp' that is triggered as timers are not properly handled when a transaction is canceled. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'EventStateManager::DispatchCrossProcessEvent()' function in 'dom/events/EventStateManager.cpp' that is triggered when handling drag events. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'nsNodeUtils::CloneAndAdopt()' function in 'dom/base/nsNodeUtils.cpp' that is triggered when handling properties of adopted nodes. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A type confusion flaw exists in the 'PropertyReadNeedsTypeBarrier()' function in 'jit/MIR.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A logic flaw exists in the 'IsMarkedBlack()' function in 'js/src/gc/Barrier.cpp' that is triggered during gray marking asserts. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free error exists that triggered when flushing and resizing the layout, which may cause the PressShell object to be freed while still in use. This may allow a context-dependent attacker to potentially execute arbitrary code.
 - A flaw exists in the 'HttpBaseChannel::GetPerformance()' function in 'netwerk/protocol/http/HttpBaseChannel.cpp' that is triggered as navigations in cross-origin iframes are revealed. Using the Resource Timing API, a context-dependent attacker to gain access to cross-origin URL information.
 - A flaw exists that is triggered as the security wrapper fails to deny access to certain exposed properties using the deprecated exposedProps mechanism on proxy objects. This may allow a context-dependent attacker to gain access to potentially sensitive information.
 - A flaw exists in the 'nsIDNService::isLabelSafe()' function in 'netwerk/dns/nsIDNService.cpp' that is triggered during the handling of the combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave. This combinations do not display properly in punycode. With a specially crafted domain including a dotless version of  'i', a context-dependent attacker can spoof a domain.
 - A flaw exists in the 'nsIDNService::isLabelSafe()' function in 'netwerk/dns/nsIDNService.cpp' that is triggered during the handling of Arabic and Indic vowel marker characters that are combined with Latin characters in a domain name, which can cause the non-latin characters to be eclipsed in the address bar. This may allow a context-dependent attacker to spoof a domain.
 - A flaw exists that is triggered as data: URLs loaded into new tabs do not properly inherit the Content Security Policy (CSP) of the original page. This may allow a context-dependent attacker to bypass protection mechanisms.
 - A flaw exists in the 'nsMixedContentBlocker::AsyncOnChannelRedirect()' function in 'dom/security/nsMixedContentBlocker.cpp' that is triggered as mixed content blocking was not properly applied to resources when being redirected from an HTTPS environment to an HTTP environment. This may allow a context-dependent attacker to bypass restricts and load blocked content on pages.
 - A flaw exists in the 'CurlWrapper::Init()' function in 'toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp' that is triggered as it fails to validate the libcurl library before loading it. This may allow a local attacker to replace libcurl files and gain elevated privileges.
 - A flaw exists in the 'nsContentSink::ProcessMETATag()' function in 'dom/base/nsContentSink.cpp' that is triggered during the handling of <meta> tags in SVG passed via <img> tags. This may allow a context-dependent attacker to set cookies for a page.
 - A flaw exists in 'netwerk/dns/nsIDNService.cpp' that is triggered as Punycode format text is not properly displayed in international domain names when triggered by a sub-domain. This may allow a context-dependent attacker to conduct a limited spoofing attack.
 - A flaw exists in the 'stripUnsafeProtocolOnPaste()' function in 'base/content/browser.js' that is triggered during the handling of control characters before javascript: URLs. This may allow a context-dependent attacker to bypass self-XSS protection mechanisms.
 - A flaw exists in the '_writeItem()' function in 'toolkit/components/places/BookmarkHTMLUtils.jsm' that allows a cross-site scripting (self-XSS) attack. This flaw exists exists because the program does not validate input to exported bookmarks before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in their own browser.
 - A flaw exists that is triggered as the referrer policy is not always honored when handling <link> elements. This may allow a context-dependent attacker to bypass the referrer policy.
 - A flaw exists in the 'PerDocumentStyleDataImpl::visited_styles_enabled()' function in 'servo/components/style/gecko/data.rs'. The issue is triggered when handling the CSS ':visited' selector for a document being used as an SVG image. With a specially crafted web page, a context-dependent attacker disclose visited history information.
 - A flaw exists in the 'FactoryOp::CheckPermission()' function in 'dom/indexedDB/ActorsParent.cpp' that is triggered as a web worker in Private Browsing mode can write to IndexedDB. With a specially crafted web page, a context-dependent attacker can uniquely fingerprint a user even when browsing in Private Browsing mode.
 - An overflow condition exists that is triggered as certain input is not properly validated when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code.
 - A flaw exists related to speculative execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached during conditional branches handling out-of-bounds checks. Using a vulnerable code pattern, or a JIT engine or interpreter to generate such a pattern, an attacker can perform a Flush+Reload or Evict+Reload side-channel attack on the cache and disclose parts of the privileged kernel memory.
 - A flaw exists in the fundamental design related to out-of-order process execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached before exceptions are raised for restricted memory access. Using transient instructions in combination with a Flush+Reload side-channel attack a local attacker can disclose parts of the privileged kernel memory.
 - A flaw exists related to speculative execution, which is used as a performance feature to speed up operations. This optimization can result in memory being cached during indirect branch prediction. This may allow a local attacker to train the Branch Target Buffer (BTB) to trigger a false prediction to a specially crafted memory location, causing a speculative execution of a crafted gadget and the caching of arbitrary memory. Using a side-channel attack on the cache the attacker can disclose parts of the privileged kernel memory.

The remote host is affected by the vulnerability described in GLSA-201802-03 (Mozilla Firefox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox. Please       review the referenced CVE identifiers for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page, possibly resulting in the execution of arbitrary code with the       privileges of the process or a Denial of Service condition. Furthermore,       a remote attacker may be able to perform Man-in-the-Middle attacks,       obtain sensitive information, spoof the address bar, conduct clickjacking       attacks, bypass security restrictions and protection mechanisms, or have       other unspecified impact.
  Workaround :

    There is no known workaround at this time.

According to the version of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - A privacy flaw was discovered in Firefox. In Private     Browsing mode, a web worker could write persistent data     to IndexedDB, which was not cleared when exiting and     would persist across multiple sessions. A malicious     website could exploit the flaw to bypass     private-browsing protections and uniquely fingerprint     visitors. (CVE-2017-7843)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox to 52.5.2esr fixes the following issue :

  - CVE-2017-7843: Web worker in Private Browsing mode can     write IndexedDB data (boo#1072034, bmo#1410106, MFSA     2017-28)

The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable crashes.

The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.5.2. It is, therefore, affected by a flaw related to handling Private Mode, web workers, and IndexedDB access that allows an attacker to cause persistent data to exist that can uniquely fingerprint a user.

It was discovered that the Private Browsing mode in the Mozilla Firefox web browser allowed to fingerprint a user across multiple sessions via IndexedDB.

It was discovered that the private browsing mode in Firefox was able to write persistent data to a database, which could lead to websites tracking users even when browsing in this mode.

For Debian 7 'Wheezy', these problems have been fixed in version 52.5.2esr-1~deb7u1.

We recommend that you upgrade your firefox-esr packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.5.1 ESR.

Security Fix(es) :

* A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter.

The version of Mozilla Firefox installed on the remote Windows host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities.

Note: CVE-2017-7844 only affects version 57. Earlier releases are not affected.

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities.

Note: CVE-2017-7844 only affects version 57. Earlier releases are not affected.

This update upgrades Firefox to version 52.5.1 ESR.

Security Fix(es) :

  - A privacy flaw was discovered in Firefox. In Private     Browsing mode, a web worker could write persistent data     to IndexedDB, which was not cleared when exiting and     would persist across multiple sessions. A malicious     website could exploit the flaw to bypass     private-browsing protections and uniquely fingerprint     visitors. (CVE-2017-7843)

The remote Oracle Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2017-3382 advisory.

    [52.5.1-1.0.1]
    - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one
    - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484]

    [52.5.1-1]
    - Update to 52.5.1 ESR

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Mozilla Foundation reports :

CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data

CVE-2017-7844: Visited history information leak through SVG image

The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:3382 advisory.

  - Mozilla: Web worker in Private Browsing mode can write IndexedDB data (CVE-2017-7843)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
127356	NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0116)	Nessus	NewStart CGSL Local Security Checks	critical
127141	NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001)	Nessus	NewStart CGSL Local Security Checks	critical
700333	Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
700323	Mozilla Firefox < 57.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	low
700322	Mozilla Firefox < 57 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	critical
106884	GLSA-201802-03 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
105308	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1327)	Nessus	Huawei Local Security Checks	high
105307	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1326)	Nessus	Huawei Local Security Checks	high
105246	openSUSE Security Update : MozillaFirefox (openSUSE-2017-1366)	Nessus	SuSE Local Security Checks	high
105212	Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities	Nessus	Windows	high
105211	Mozilla Firefox ESR < 52.5.2 Private Mode Fingerprinting Vulnerability (macOS)	Nessus	MacOS X Local Security Checks	high
105123	Debian DSA-4062-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
105118	Debian DLA-1202-1 : firefox-esr security update	Nessus	Debian Local Security Checks	high
105060	CentOS 6 / 7 : firefox (CESA-2017:3382)	Nessus	CentOS Local Security Checks	high
105040	Mozilla Firefox < 57.0.1 Multiple Vulnerabilities	Nessus	Windows	high
105039	Mozilla Firefox < 57.0.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
105030	Scientific Linux Security Update : firefox on SL6.x, SL7.x i386/x86_64 (20171205)	Nessus	Scientific Linux Local Security Checks	high
105027	Oracle Linux 6 / 7 : firefox (ELSA-2017-3382)	Nessus	Oracle Linux Local Security Checks	high
105026	FreeBSD : mozilla -- multiple vulnerabilities (b7e23050-2d5d-4e61-9b48-62e89db222ca)	Nessus	FreeBSD Local Security Checks	high
105018	RHEL 6 / 7 : firefox (RHSA-2017:3382)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2017-7843

high

Tenable Plugins

critical

critical

high

low

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high