7.8

CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 52.4.0
MozillaFirefox Version < 56.0
MozillaThunderbird Version < 52.4.0
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.23% 0.651
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201803-14
Third Party Advisory
http://www.securitytracker.com/id/1039465
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2831
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2885
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
Third Party Advisory
https://www.debian.org/security/2017/dsa-3987
Third Party Advisory
https://www.debian.org/security/2017/dsa-4014
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-21/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-22/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-23/
Vendor Advisory
http://www.securityfocus.com/bid/101059
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1376036
Patch
Third Party Advisory
Issue Tracking