5.3

CVE-2017-7791

Exploit
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.84% 0.762
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1039124
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2456
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2534
Third Party Advisory
https://security.gentoo.org/glsa/201803-14
Third Party Advisory
https://www.debian.org/security/2017/dsa-3928
Third Party Advisory
https://www.debian.org/security/2017/dsa-3968
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-18/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-19/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-20/
Vendor Advisory
http://www.securityfocus.com/bid/100240
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1365875
Patch
Vendor Advisory
Exploit
Issue Tracking