1
PublicDateAtUSN: 2017-08-10
2
Candidate: CVE-2017-7791
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791
6
https://usn.ubuntu.com/usn/usn-3391-1
7
https://usn.ubuntu.com/usn/usn-3416-1
9
On pages containing an iframe, the "data:" protocol can be used to create a
10
modal alert that will render over arbitrary domains following page
11
navigation, spoofing of the origin of the modal alert from the iframe
12
content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3,
16
tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine
20
Assigned-to: chrisccoulson
23
upstream_firefox: released (55.0)
24
precise/esm_firefox: DNE
25
trusty_firefox: released (55.0.1+build2-0ubuntu0.14.04.2)
26
vivid/ubuntu-core_firefox: DNE
27
xenial_firefox: released (55.0.1+build2-0ubuntu0.16.04.2)
28
zesty_firefox: released (55.0.1+build2-0ubuntu0.17.04.2)
29
artful_firefox: released (55.0.2+build1-0ubuntu4)
30
bionic_firefox: released (55.0.2+build1-0ubuntu4)
31
devel_firefox: released (55.0.2+build1-0ubuntu4)
34
Priority_thunderbird: low
35
upstream_thunderbird: released (52.3.0)
36
precise/esm_thunderbird: DNE
37
trusty_thunderbird: released (1:52.3.0+build1-0ubuntu0.14.04.1)
38
vivid/ubuntu-core_thunderbird: DNE
39
xenial_thunderbird: released (1:52.3.0+build1-0ubuntu0.16.04.1)
40
zesty_thunderbird: released (1:52.3.0+build1-0ubuntu0.17.04.1)
41
artful_thunderbird: released (1:52.4.0+build1-0ubuntu2)
42
bionic_thunderbird: released (1:52.4.0+build1-0ubuntu2)
43
devel_thunderbird: released (1:52.4.0+build1-0ubuntu2)
46
upstream_mozjs38: needs-triage
47
precise/esm_mozjs38: DNE
49
vivid/ubuntu-core_mozjs38: DNE
51
zesty_mozjs38: ignored (reached end-of-life)
52
artful_mozjs38: needs-triage
53
bionic_mozjs38: needs-triage
54
devel_mozjs38: needs-triage