5.9

CVE-2017-7770

A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 54.0
   GoogleAndroid Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.15% 0.626
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1038689
Third Party Advisory
VDB Entry
https://www.mozilla.org/security/advisories/mfsa2017-15/
Vendor Advisory
http://www.securityfocus.com/bid/99049
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1317242
Vendor Advisory
Issue Tracking