CVE-2017-7840

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 57

Description The issue is related to insufficient protection measures of the web page structure in Mozilla Firefox, which can be exploited for remote cross-site scripting attacks. An attacker can inject JavaScript code into an exported bookmarks file by placing the code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser, the JavaScript code will be executed, potentially leading to social engineering and self-cross-site-scripting (self-XSS) attacks.

Recommendations For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider avoiding the export and opening of bookmarks files that may contain malicious tags until a patch is applied. Restrict the use of user-supplied tags in saved bookmarks to minimize the risk of exploitation.