PT-2017-3378 · Mozilla+5 · Firefox Esr+7

François Marier

·

Publicado

2017-06-23

·

Atualizado

2024-12-12

·

CVE-2017-7814

CVSS v2.0

8.3

Alta

VetorAV:N/AC:M/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 56 Mozilla Firefox ESR versions prior to 52.4 Mozilla Thunderbird versions prior to 52.4
Description The issue is related to the Phishing and Malware Protection feature, which failed to properly check file downloads encoded with blob: and data: URL elements. This allowed malicious sites to bypass normal file download checks and block lists of suspicious sites and files, potentially luring users into downloading executables that would otherwise be detected as suspicious. The vulnerability can be exploited by a remote attacker to conduct phishing attacks.
Recommendations For Mozilla Firefox versions prior to 56, update to version 56 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 52.4, update to version 52.4 or later to resolve the issue. For Mozilla Thunderbird versions prior to 52.4, update to version 52.4 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-494CWE-20

Identificadores relacionados

ALT-PU-2017-2358
ALT-PU-2017-2390
ALT-PU-2017-2437
ALT-PU-2018-1854
BDU:2018-00160
CESA-2017_2831
CESA-2017_2885
CVE-2017-7814
DLA-1118-1
DLA-1153-1
DSA-3987-1
DSA-4014-1
MGASA-2017-0361
MGASA-2018-0018
OPENSUSE-SU-2017:2707-1
OPENSUSE-SU-2017:2710-1
OPENSUSE-SU-2017_2615-1
OPENSUSE-SU-2017_2710-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2017:2831
RHSA-2017:2885
RHSA-2017_2831
RHSA-2017_2885
SUSE-SU-2017:2688-1
SUSE-SU-2017:2872-1
SUSE-SU-2017:2872-2
USN-3435-1
USN-3435-2
USN-3436-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Thunderbird
Red Hat
Suse
Ubuntu