CVE-2017-7812
published 2018-06-11

Priority: P424, medium, 5.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.28% (66.4th percentile)
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 56.0-1 (sid) | firefox 56.0-1 (sid) |
| mozilla | firefox | <= 55.0.3 | |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu0.14.04.1 | 56.0+build6-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu0.14.04.2 | 56.0+build6-0ubuntu0.14.04.2 |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu0.16.04.1 | 56.0+build6-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu0.16.04.2 | 56.0+build6-0ubuntu0.16.04.2 |
| mozilla | firefox | >= 0 < 56.0+build6-0ubuntu1 | 56.0+build6-0ubuntu1 |
| mozilla | firefox | >= unspecified < 56 | 56 |

CVSS provenance

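| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 5.3 | MEDIUM | |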