CVE-2017-5417

MEDIUM

Description

When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.

References

http://www.securityfocus.com/bid/96692

http://www.securitytracker.com/id/1037966

https://bugzilla.mozilla.org/show_bug.cgi?id=791597

https://www.mozilla.org/security/advisories/mfsa2017-05/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-08-02

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM