Home > Vulnerability Database > CVE-2017-7839

Mend.io Vulnerability Database

CVE-2017-7839

Good to know:

Date: June 11, 2018

Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.

Language: Unix

Severity Score

6.1

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-7839

Url: https://www.mozilla.org/security/advisories/mfsa2017-24/

Url: http://www.securitytracker.com/id/1039803

Url: http://www.securityfocus.com/bid/101832

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-7839

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1402896

Url: https://www.mend.io/vulnerability-database/CVE-2017-7839

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version firefox - 57.0-1

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-7839

Good to know:

Date: June 11, 2018

Language: Unix

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?