VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-p5g7-qz44-s3gg

Essentials
Severities (8)
References (35)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-p5g7-qz44-s3gg
Aliases	CVE-2017-5378
Summary	Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json
epss	0.01592	https://api.first.org/data/v1/epss?cve=CVE-2017-5378
cvssv2	4.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux	Critical	https://security.archlinux.org/AVG-157
archlinux	Critical	https://security.archlinux.org/AVG-158
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2017-01
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2017-02
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2017-03

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json
		https://api.first.org/data/v1/epss?cve=CVE-2017-5378
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1416273		https://bugzilla.redhat.com/show_bug.cgi?id=1416273
ASA-201701-39		https://security.archlinux.org/ASA-201701-39
ASA-201701-40		https://security.archlinux.org/ASA-201701-40
AVG-157		https://security.archlinux.org/AVG-157
AVG-158		https://security.archlinux.org/AVG-158
GLSA-201702-13		https://security.gentoo.org/glsa/201702-13
GLSA-201702-22		https://security.gentoo.org/glsa/201702-22
mfsa2017-01		https://www.mozilla.org/en-US/security/advisories/mfsa2017-01
mfsa2017-02		https://www.mozilla.org/en-US/security/advisories/mfsa2017-02
mfsa2017-03		https://www.mozilla.org/en-US/security/advisories/mfsa2017-03
RHSA-2017:0190		https://access.redhat.com/errata/RHSA-2017:0190
RHSA-2017:0238		https://access.redhat.com/errata/RHSA-2017:0238
USN-3165-1		https://usn.ubuntu.com/3165-1/
USN-3175-1		https://usn.ubuntu.com/3175-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Percentile	0.81965
EPSS Score	0.01592
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:25:56.994194+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2017/mfsa2017-03.yml	38.6.0