{"id":"CVE-2017-7830","details":"The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox \u003c 57, Firefox ESR \u003c 52.5, and Thunderbird \u003c 52.5.","modified":"2026-04-16T01:44:46.737549231Z","published":"2018-06-11T21:29:11.373Z","related":["SUSE-SU-2017:3213-1","SUSE-SU-2017:3233-1","openSUSE-SU-2017:3108-1","openSUSE-SU-2017:3110-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4061"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4075"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-26/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/101832"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039803"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3247"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-25/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3372"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4035"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1408990"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"fixed":"57.0"}]},{"events":[{"introduced":"0"},{"fixed":"52.5.0"}]},{"events":[{"introduced":"0"},{"fixed":"52.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7830.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}