CVE-2017-7789

Publication date 4 July 2017

Last updated 25 August 2025


Ubuntu priority

CVSS 3 Severity Score

5.3 · Medium


Description

If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
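An added example, not part of the original advisory: a server-side check that flags a response carrying more than one Strict-Transport-Security field. It contrasts the RFC 6797 section 8.1 rule (process only the first field) with the rejection behaviour the description states. The function names and the sample response are constructed for illustration.

```python
import re

STS = "strict-transport-security"

def sts_values(raw_response):
    """Return every STS field value in the header block, in wire order."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == STS:  # field names are case-insensitive
            values.append(value.strip())
    return values

def parse_max_age(value):
    """Return max-age in seconds, or None if the directive is absent or malformed."""
    for directive in value.split(";"):
        m = re.fullmatch(r'\s*max-age\s*=\s*"?(\d+)"?\s*', directive, re.I)
        if m:
            return int(m.group(1))
    return None

def effective_max_age(values, reject_duplicates):
    """max-age a client would store, or None if HSTS is not enabled."""
    # reject_duplicates=False: RFC 6797 section 8.1, only the first field is processed.
    # reject_duplicates=True: the behaviour in the description, duplicates are invalid.
    if not values or (reject_duplicates and len(values) > 1):
        return None
    return parse_max_age(values[0])

def audit(raw_response):
    """Summarise the STS fields of one raw HTTP response."""
    values = sts_values(raw_response)
    return {
        "count": len(values),
        "duplicate": len(values) > 1,
        "rfc_max_age": effective_max_age(values, False),
        "affected_max_age": effective_max_age(values, True),
    }

# Constructed sample: an application and a reverse proxy each add the header.
SAMPLE = (b"HTTP/1.1 200 OK\r\n"
          b"Content-Type: text/html\r\n"
          b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
          b"strict-transport-security: max-age=300\r\n"
          b"\r\n<html></html>")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A response with `duplicate` set to true should be fixed at the server or proxy so that exactly one field is sent.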

Status

Package   Ubuntu Release      Status
firefox   17.04 zesty         Fixed 55.0.1+build2-0ubuntu0.17.04.2
firefox   16.10 yakkety       Ignored end of life
firefox   16.04 LTS xenial    Fixed 55.0.1+build2-0ubuntu0.16.04.2
firefox   14.04 LTS trusty    Fixed 55.0.1+build2-0ubuntu0.14.04.2
mozjs38   17.04 zesty         Not affected
mozjs38   16.10 yakkety       Not in release
mozjs38   16.04 LTS xenial    Not in release
mozjs38   14.04 LTS trusty    Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.3 · Medium

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-3391-1: Firefox vulnerabilities (15 August 2017)

Other references

