Main Vulnerability Database Vulnerabilities #VU8623

#VU8623 Blob and data URLs bypass phishing and malware protection warnings in Mozilla Firefox - CVE-2017-7814

Published: September 28, 2017 / Updated: September 29, 2017

Vulnerability identifier: #VU8623

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-7814

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass phishing and malware protection warnings.

File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious.

Remediation

Update to version 56.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/

#VU8623 Blob and data URLs bypass phishing and malware protection warnings in Mozilla Firefox - CVE-2017-7814

Description

Remediation

External links

Please verify you're human