CVE-2017-7812

Published: Jun 11, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 55.0.3

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.securityfocus.com/bid/101057

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039465

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1379842

Source: security@mozilla.org

ExploitIssue Tracking

https://www.mozilla.org/security/advisories/mfsa2017-21/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/101057

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039465

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1379842

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://www.mozilla.org/security/advisories/mfsa2017-21/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.