PT-2017-4027 · Mozilla+2 · Firefox+2

Ben Kelly

·

Published

2017-09-22

·

Updated

2024-12-12

·

CVE-2017-7835

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 57
Description The issue is related to mixed content blocking in Firefox, where insecure HTTP sub-resources in a secure HTTPS document were not correctly blocked, especially for resources that redirect from HTTPS to HTTP. This allowed content, such as scripts, to be loaded on a page when it should have been blocked. The vulnerability can be exploited to conduct cross-site scripting attacks.
Recommendations For versions prior to 57, update to version 57 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP resources within HTTPS documents to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2017-2721
ALT-PU-2017-2739
ALT-PU-2018-1854
BDU:2021-00213
CVE-2017-7835
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-3477-1
USN-3477-2
USN-3477-3
USN-3477-4

Affected Products

Alt Linux
Firefox
Ubuntu