CVE-2017-7835 — Mozilla Firefox vulnerability

12 documents5 sources

Severity

7.3HIGHNVD

OSV9.8

EPSS

0.7%

top 28.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 11

Latest updateMay 13

Description

Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages4 packages

▶debiandebian/firefox< firefox 57.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 57

▶Ubuntumozilla/firefox< 57.0+build4-0ubuntu0.14.04.4+8

▶NVDmozilla/firefox56.0.2

🔴Vulnerability Details

GHSA

GHSA-5rh4-37gg-5rpp: Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS↗2022-05-13

▶

OSV

firefox regression↗2018-01-03

▶

OSV

firefox regressions↗2017-12-01

▶

OSV

firefox regression↗2017-11-27

▶

OSV

firefox vulnerabilities↗2017-11-16

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2018-01-03

▶

Ubuntu

Firefox regressions↗2017-12-01

▶

Ubuntu

Firefox regression↗2017-11-27

▶

Ubuntu

Firefox vulnerabilities↗2017-11-16

▶

Debian

CVE-2017-7835: firefox - Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) docu...↗2017

▶