#VU9326 Self-XSS prevention mechanism bypass in Mozilla Firefox - CVE-2017-7839
Published: November 15, 2017
Mozilla Firefox
Mozilla
Description
The vulnerability allows a remote attacker to bypass the browser's self-XSS prevention mechanism.
Control characters prepended to javascript: URLs pasted into the address bar can cause the leading characters to be ignored, so the pasted JavaScript is executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks in which users are convinced to copy and paste text into the address bar.
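The class of flaw described above, as an added example that is not Firefox source code: a paste filter that tests the raw string misses the scheme when control characters precede it, while one that first strips leading C0 control and space characters (as URL parsers do) catches it. All function names and sample strings are hypothetical and constructed for illustration.

```javascript
// Added illustration; not Mozilla's implementation. All names are hypothetical.

// Flawed check: inspects the raw pasted text, so anything in front of
// "javascript:" hides the scheme from the filter.
function naiveIsJavascriptPaste(pasted) {
  return pasted.toLowerCase().startsWith("javascript:");
}

// Normalise before checking: drop leading C0 control characters and spaces
// (U+0000 to U+0020), which URL parsers ignore at the start of the input.
function normalizeForSchemeCheck(pasted) {
  return pasted.replace(/^[\u0000-\u0020]+/, "").toLowerCase();
}

// Hardened check: the filter sees the same string the URL parser will see.
function hardenedIsJavascriptPaste(pasted) {
  return normalizeForSchemeCheck(pasted).startsWith("javascript:");
}

// Constructed sample inputs with a harmless body.
const SAMPLES = [
  "javascript:void(0)",                         // plain scheme
  "\u0001javascript:void(0)",                   // one leading control character
  " \u0008\u001fJavaScript:void(0)",            // mixed leading characters, mixed case
  "https://example.org/?q=javascript:void(0)",  // benign URL that merely contains the text
];

// Run both checks over every sample so the difference is visible per input.
function classify(samples) {
  return samples.map((s) => ({
    input: JSON.stringify(s),
    naive: naiveIsJavascriptPaste(s),
    hardened: hardenedIsJavascriptPaste(s),
  }));
}

console.table(classify(SAMPLES));
```

The general point for any paste or input filter is to apply the check to the normalised value that the consumer will actually interpret, not to the raw bytes.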