Lucene search

K
cvelistMozillaCVELIST:CVE-2017-7789
HistoryJun 11, 2018 - 9:00 p.m.

CVE-2017-7789

2018-06-1121:00:00
mozilla
www.cve.org

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%

If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "55",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%