#VU7847 Self-XSS in Mozilla Firefox - CVE-2017-7799
Published: August 14, 2017
Vulnerability identifier: #VU7847
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7799
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to conduct self-XSS attack.
The weakness exists due to JavaScript in the
The weakness exists due to JavaScript in the
about:webrtc page is not sanitized properly being assigned to innerHTML.
A remote attacker can inject and execute malicious script in a victim's
Web browser within the security context of the hosting Web site to
steal the victim's cookie-based authentication credentials. Remediation
Update to version 55.0.