Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE-2017-5387
Summary
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51.
- LOW
- LOCAL
- LOW
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
References
Advisory Timeline
- Published