CVE-2017-5415medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
References
http://www.securityfocus.com/bid/96692
http://www.securitytracker.com/id/1037966
Details
Source: MITRE
Published: 2018-06-11
Updated: 2018-08-07
Type: CWE-20
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Impact Score: 1.4
Exploitability Score: 3.9
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 99121 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox regression (USN-3216-2) | Nessus | Ubuntu Local Security Checks | critical |
| 97747 | openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2017-344) | Nessus | SuSE Local Security Checks | critical |
| 97639 | Mozilla Firefox < 52.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 97637 | Mozilla Firefox < 52.0 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
| 9986 | Mozilla Firefox < 52 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 97600 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3216-1) | Nessus | Ubuntu Local Security Checks | critical |
| 97592 | FreeBSD : mozilla -- multiple vulnerabilities (96eca031-1313-4daf-9be2-9d6e1c4f1eb5) | Nessus | FreeBSD Local Security Checks | critical |