High severity7.5NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2017-7843
CVE-2017-7843
Description
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
9- bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingThird Party Advisory
- www.securityfocus.com/bid/102039nvdIssue TrackingThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/102112nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039954nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:3382nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2017/12/msg00003.htmlnvdThird Party Advisory
- www.debian.org/security/2017/dsa-4062nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2017-27/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2017-28/nvdVendor Advisory
News mentions
0No linked articles in our index yet.