Security restrictions bypass in Mozilla Firefox - CVE-2017-7816
Published: September 28, 2017 / Updated: September 29, 2017
Vulnerability identifier: #VU8627
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7816
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Mozilla Firefox
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass certain security restrictions.
WebExtensions could use popups and panels in the extension UI to load an
WebExtensions could use popups and panels in the extension UI to load an
about: privileged URL, violating security checks that disallow this behavior. How to mitigate CVE-2017-7816
Update to version 56.0.