Vulnerability Name: | CVE-2017-7762 (CCN-127179) | ||||||||||||||||||||||||
Assigned: | 2017-04-20 | ||||||||||||||||||||||||
Published: | 2017-04-20 | ||||||||||||||||||||||||
Updated: | 2018-07-30 | ||||||||||||||||||||||||
Summary: | When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. | ||||||||||||||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||||||||||||||
Vulnerability Type: | CWE-20 CWE-290 | ||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-7762 Source: BID Type: Third Party Advisory, VDB Entry 99047 Source: CCN Type: BID-99047 Mozilla Firefox CVE-2017-7762 Address Bar Spoofing Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1038689 Source: REDHAT Type: Third Party Advisory RHSA-2018:2112 Source: REDHAT Type: Third Party Advisory RHSA-2018:2113 Source: CONFIRM Type: Exploit, Issue Tracking, Patch https://bugzilla.mozilla.org/show_bug.cgi?id=1358248 Source: XF Type: UNKNOWN firefox-cve20177762-spoof(127179) Source: CCN Type: Mozilla Foundation Security Advisory 2017-15 Security vulnerabilities fixed in Firefox 54 Source: CONFIRM Type: Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2017-15/ | ||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
BACK |