← volver
CVE-2017-7791

CVE-2017-7791

EPSS 1.8%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
11 jun 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Productos afectados
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2017:2456https://access.redhat.com/errata/RHSA-2017:2534https://bugzilla.mozilla.org/show_bug.cgi?id=1365875https://security.gentoo.org/glsa/201803-14https://www.debian.org/security/2017/dsa-3928https://www.debian.org/security/2017/dsa-3968https://www.mozilla.org/security/advisories/mfsa2017-18/https://www.mozilla.org/security/advisories/mfsa2017-19/https://www.mozilla.org/security/advisories/mfsa2017-20/http://www.securityfocus.com/bid/100240http://www.securitytracker.com/id/1039124