High severity7.5NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2017-7787
CVE-2017-7787
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31- osv-coords28 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012
< 128.5.1-1.1+ 27 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 91.1.1-1.1
- (no CPE)range: < 52-24.5.1
- (no CPE)range: < 52-24.5.1
- (no CPE)range: < 52-24.5.1
- (no CPE)range: < 52-24.5.1
- (no CPE)range: < 52-24.5.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-72.9.1
- (no CPE)range: < 52.3.0esr-72.9.1
- (no CPE)range: < 52.3.0esr-72.9.1
- (no CPE)range: < 52.3.0esr-72.9.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-72.9.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-72.9.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0esr-109.3.1
- (no CPE)range: < 52.3.0-42.1
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- Range: unspecified
Patches
Vulnerability mechanics
References
11- bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingVendor Advisory
- www.securityfocus.com/bid/100234nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039124nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:2456nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2534nvdThird Party Advisory
- security.gentoo.org/glsa/201803-14nvdThird Party Advisory
- www.debian.org/security/2017/dsa-3928nvdThird Party Advisory
- www.debian.org/security/2017/dsa-3968nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2017-18/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2017-19/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2017-20/nvdVendor Advisory
News mentions
0No linked articles in our index yet.