CVE-2017-7789

Publication date 4 July 2017

Last updated 24 July 2024


Ubuntu priority

CVSS 3 Severity Score

5.3 · Medium


If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
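A server-side check for the condition described above, as an added example that is not from this advisory or from Mozilla: it counts Strict-Transport-Security field lines in a raw response head. The function names and sample responses are constructed, and the comma-merged case goes beyond the advisory's wording (it assumes an intermediary combined repeated fields into one line).

```python
import re

STS = "strict-transport-security"

def sts_fields(raw_head: bytes) -> list[str]:
    """Return the value of every Strict-Transport-Security field line, in order."""
    head = raw_head.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == STS:  # field names are case-insensitive
            values.append(value.strip())
    return values

def audit(raw_head: bytes) -> str:
    """Classify a response head as 'missing', 'duplicate' or 'ok'."""
    values = sts_fields(raw_head)
    if not values:
        return "missing"
    # Assumption: a second max-age directive inside one value means an
    # intermediary merged two STS fields into a comma-joined line.
    merged = any(len(re.findall(r"\bmax-age\s*=", v, re.IGNORECASE)) > 1
                 for v in values)
    return "duplicate" if len(values) > 1 or merged else "ok"

# Constructed sample response heads (not captured from any real server).
SINGLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Strict-Transport-Security: max-age=31536000\r\n\r\n")
DUPLICATE = (b"HTTP/1.1 200 OK\r\n"
             b"Strict-Transport-Security: max-age=31536000\r\n"
             b"strict-transport-security: max-age=31536000; includeSubDomains\r\n\r\n")
MERGED = (b"HTTP/1.1 200 OK\r\n"
          b"Strict-Transport-Security: max-age=31536000, max-age=31536000\r\n\r\n")
NO_STS = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, head in [("single", SINGLE), ("duplicate", DUPLICATE),
                        ("merged", MERGED), ("no-sts", NO_STS)]:
        print(f"{label:10} {audit(head):10} {sts_fields(head)}")
```

A "duplicate" result identifies a response for which Firefox < 55 would not enable HSTS; emitting the header from exactly one layer of the stack removes the condition.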

Status

Package   Ubuntu Release     Status
firefox   17.04 zesty        Fixed 55.0.1+build2-0ubuntu0.17.04.2
firefox   16.10 yakkety      Ignored end of life
firefox   16.04 LTS xenial   Fixed 55.0.1+build2-0ubuntu0.16.04.2
firefox   14.04 LTS trusty   Fixed 55.0.1+build2-0ubuntu0.14.04.2
mozjs38   17.04 zesty        Not affected
mozjs38   16.10 yakkety      Not in release
mozjs38   16.04 LTS xenial   Not in release
mozjs38   14.04 LTS trusty   Not in release

Severity score breakdown

Parameter             Value
Base score            5.3 · Medium
Attack vector         Network
Attack complexity     Low
Privileges required   None
User interaction      None
Scope                 Unchanged
Confidentiality       None
Integrity impact      Low
Availability impact   None
Vector                CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-3391-1: Firefox vulnerabilities (15 August 2017)

Other references