CVE-2017-7791 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Content spoofing
Description	A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-385	thunderbird	52.2.1-1	52.3.0-1	Critical	Fixed
AVG-375	firefox	54.0.1-1	55.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
10 Aug 2017	ASA-201708-3	AVG-375	firefox	Critical	multiple issues
23 Aug 2017	ASA-201708-18	AVG-385	thunderbird	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7791 https://bugzilla.mozilla.org/show_bug.cgi?id=1365875