PT-2017-17929 · Mozilla+4 · Firefox+4

Jun Kokatsu

Published

2017-06-13

Updated

2018-07-30

CVE-2017-7762

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 54

Description The issue allows for spoofing the domain of the current page by not stripping the username and password section of URLs displayed in the address bar when entered directly in Reader Mode.

Recommendations For versions prior to 54, update to version 54 or later to resolve the issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2017-1886

ALT-PU-2018-1854

CESA-2018_2112

CESA-2018_2113

CVE-2017-7762

RHSA-2018:2112

RHSA-2018:2113

RHSA-2018_2112

RHSA-2018_2113

USN-3315-1

Affected Products

Alt Linux

Centos

Firefox

Red Hat

Ubuntu

PT-2017-17929 · Mozilla+4 · Firefox+4

CVE-2017-7762

Weakness Enumeration

Related Identifiers

Affected Products

References · 34