Oval Definition:oval:org.opensuse.security:def:20177834
Revision Date:2022-06-30Version:1
Title:CVE-2017-7834
Description:

A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-7834
Mitre CVE-2017-7834
SUSE CVE-2017-7834
Platform(s):openSUSE Leap 15.0
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • MozillaFirefox-60.0-lp150.2 is installed
  • AND MozillaFirefox is signed with openSUSE key
  • OR
  • MozillaFirefox-translations-common-60.0-lp150.2 is installed
  • AND MozillaFirefox-translations-common is signed with openSUSE key
  • OR
  • MozillaFirefox-translations-other-60.0-lp150.2 is installed
  • AND MozillaFirefox-translations-other is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • MozillaFirefox-92.0-1.2 is installed
  • OR MozillaFirefox-branding-upstream-92.0-1.2 is installed
  • OR MozillaFirefox-devel-92.0-1.2 is installed
  • OR MozillaFirefox-translations-common-92.0-1.2 is installed
  • OR MozillaFirefox-translations-other-92.0-1.2 is installed
    • BACK