CVE-2017-7807 — Improper Input Validation in Mozilla Firefox
Severity
8.1HIGHNVD
OSV9.1
EPSS
0.8%
top 26.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 13
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2
Affected Packages10 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 6.0, 7.0, 7.3, 7.4, 7.5
Patches
🔴Vulnerability Details
7GHSA▶
GHSA-4g4m-5m32-4h55: A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain↗2022-05-13
OSV▶
CVE-2017-7807: A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain↗2018-06-11
CVEList▶
CVE-2017-7807: A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain↗2018-06-11
📋Vendor Advisories
4💬Community
1Bugzilla
▶