Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in firefox-52.5.2esr-i686-1 |
|Cucumber 1.0 x86_64||fixed in firefox-52.5.2esr-x86_64-1 |
|Cucumber 1.1 i686||fixed in firefox-52.5.2esr-i686-1 |
|Cucumber 1.1 x86_64||fixed in firefox-52.5.2esr-x86_64-1 |
================================ Initial Report ================================
From Mozilla Foundation Security Advisory
When Private Browsing mode is used, it is possible for a web worker to write
persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should
not be available in Private Browsing mode and this stored data will persist
across multiple private browsing mode sessions because it is not cleared when
================================= Our Analysis =================================
----- Affected Products -----
As far as we know, this vulnerability affects all versions of Firefox prior to
52.5.2 ESR or 57.0.1. This includes Firefox as originally packaged on Cucumber
Linux 1.0 and 1.1.
----- Scope and Impact of this Vulnerability -----
This vulnerability allows a website to write persistent data to your browser's
IndexedDB database while in private browsing mode. Data is not supposed to
persist across multiple private browsing sessions.
----- Fix for this Vulnerability -----
Upgrade to Firefox 52.5.2 or 57.0.1.
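
To check whether a given Firefox build predates the fix, the shell functions below classify a version string against 52.5.2 and 57.0.1. This is an added example, not part of the original advisory or of Cucumber Linux's tooling; the function names are hypothetical, and it assumes 52.x is the ESR branch and that every other branch is fixed from 57.0.1 onward.

```shell
#!/bin/sh
# Added example: classify a Firefox version string against the fixed
# releases named in this advisory (52.5.2 ESR and 57.0.1).

# ver_lt A B: succeed when dotted version A is strictly lower than B.
# Compares the first three numeric fields; missing fields count as 0.
ver_lt() {
    a=$1 b=$2
    for i in 1 2 3; do
        # Leading field of each version, defaulting to 0 when absent.
        fa=${a%%.*}; fb=${b%%.*}
        [ -n "$fa" ] || fa=0
        [ -n "$fb" ] || fb=0
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
        # Drop the field that was just compared.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# firefox_status STRING: print "affected", "fixed" or "unknown".
# STRING may be `firefox --version` output or a package name such as
# firefox-52.5.2esr-i686-1; the first dotted number in it is used.
firefox_status() {
    v=$(printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)*' | head -n 1)
    [ -n "$v" ] || { echo unknown; return 0; }
    # Assumption: 52.x is the ESR branch, fixed at 52.5.2; any other
    # branch is treated as fixed only from 57.0.1 onward.
    case ${v%%.*} in
        52) fixed=52.5.2 ;;
        *)  fixed=57.0.1 ;;
    esac
    if ver_lt "$v" "$fixed"; then echo affected; else echo fixed; fi
}

# Usage: sh check.sh "$(firefox --version)"
if [ "$#" -gt 0 ]; then
    firefox_status "$1"
fi
```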
================================= Our Solution =================================
We have upgraded to Firefox 52.5.2.