CVE-2017-5421

Published: Jun 11, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Affected (2)

Products: Mozilla: Firefox, Thunderbird

Mozilla

2 products

Firefox

Thunderbird

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 52.0.
Mozilla Thunderbird	Before 52.0.

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://www.securityfocus.com/bid/96692

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037966

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1301876

Source: security@mozilla.org

ExploitIssue TrackingPatchVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-05/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-09/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/96692