← Voltar para CVEs
CVE-2017-7839
N/ADescricao
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado6/11/2018
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
mozilla:firefox
Fraquezas (CWE)
CWE-79
Referencias
http://www.securityfocus.com/bid/101832(security@mozilla.org)
http://www.securitytracker.com/id/1039803(security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1402896(security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2017-24/(security@mozilla.org)
http://www.securityfocus.com/bid/101832(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039803(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1402896(af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2017-24/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.