CVE-2017-7812 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure8 documents5 sources

Severity

5.3MEDIUMNVD

OSV9.8

EPSS

0.3%

top 49.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 14

Description

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶debiandebian/firefox< firefox 56.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 56

▶Ubuntumozilla/firefox< 56.0+build6-0ubuntu0.14.04.1+4

▶NVDmozilla/firefox55.0.3

🔴Vulnerability Details

GHSA

GHSA-9hjj-28h8-gp86: If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to o↗2022-05-14

▶

OSV

firefox regression↗2017-10-04

▶

OSV

firefox vulnerabilities↗2017-10-02

▶

OSV

CVE-2017-7812: If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to o↗2017-10-02

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2017-10-04

▶

Ubuntu

Firefox vulnerabilities↗2017-10-02

▶

Debian

CVE-2017-7812: firefox - If web content on a page is dragged onto portions of the browser UI, such as the...↗2017

▶