CVE-2017-7812

MEDIUM

Description

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.

References

http://www.securityfocus.com/bid/101057

http://www.securitytracker.com/id/1039465

https://bugzilla.mozilla.org/show_bug.cgi?id=1379842

https://www.mozilla.org/security/advisories/mfsa2017-21/

Details

Source: MITRE

Published: 2018-06-11

Updated: 2018-06-25

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM