Main Vulnerability Database SB2017030710

SB2017030710 - Same-origin policy bypass in Mozilla Firefox

Published: March 7, 2017

Security Bulletin ID SB2017030710

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Same-origin policy bypass (CVE-ID: CVE-2017-5407)

The vulnerability allows a remote attacker to bypass same-origin policy.

The vulnerability exists due to an error when parsing SVG filters that do not use the fixed point math implementation on a target iframe. Remote attacker can create a specially crafted Web page, trick the victim into visiting it and make a malicious page can extract pixel values from a targeted user.

Successful exploitation of the vulnerability may allow an attacker to extract history information and read text values across domains.

Remediation

Install update from vendor's website.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5400