cbcvebase.
CVE-2017-5420
published 2018-06-11

CVE-2017-5420: A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an…

PriorityP426medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
EPSS
1.29%
66.8th percentile
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 52.0-1 (sid)firefox 52.0-1 (sid)
mozillafirefox< 52.052.0
mozillafirefox>= 0 < 52.0+build2-0ubuntu0.14.04.152.0+build2-0ubuntu0.14.04.1
mozillafirefox>= 0 < 52.0.2+build1-0ubuntu0.14.04.152.0.2+build1-0ubuntu0.14.04.1
mozillafirefox>= 0 < 52.0+build2-0ubuntu0.16.04.152.0+build2-0ubuntu0.16.04.1
mozillafirefox>= 0 < 52.0.2+build1-0ubuntu0.16.04.152.0.2+build1-0ubuntu0.16.04.1
mozillafirefox>= unspecified < 5252

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.