CVE-2017-7791

Source
Severity Medium
Remote Yes
Type Content spoofing
Description
A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
Group Package Affected Fixed Severity Status Ticket
AVG-385 thunderbird 52.2.1-1 52.3.0-1 Critical Fixed
AVG-375 firefox 54.0.1-1 55.0-1 Critical Fixed
Date Advisory Group Package Severity Description
10 Aug 2017 ASA-201708-3 AVG-375 firefox Critical multiple issues
23 Aug 2017 ASA-201708-18 AVG-385 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/#CVE-2017-7791
https://bugzilla.mozilla.org/show_bug.cgi?id=1365875