#VU8627 Security restrictions bypass in Mozilla Firefox - CVE-2017-7816
Published: September 28, 2017 / Updated: September 29, 2017
Vulnerability identifier: #VU8627
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7816
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
WebExtensions could use popups and panels in the extension UI to load an
WebExtensions could use popups and panels in the extension UI to load an
about: privileged URL, violating security checks that disallow this behavior. Remediation
Update to version 56.0.