Main Vulnerability Database Vulnerabilities #VU8623

Blob and data URLs bypass phishing and malware protection warnings in Mozilla Firefox - CVE-2017-7814

Published: September 28, 2017 / Updated: September 29, 2017

Vulnerability identifier: #VU8623

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-7814

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass phishing and malware protection warnings.

File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious.

How to mitigate CVE-2017-7814

Update to version 56.0.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/

Blob and data URLs bypass phishing and malware protection warnings in Mozilla Firefox - CVE-2017-7814

Detailed vulnerability description

How to mitigate CVE-2017-7814

Sources

Please verify you're human