CVE-2017-7834 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Access restriction bypass |
Description | A data: URL loaded in a new tab of Firefox before 57.0 did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-494 | firefox | 56.0.2-1 | 57.0-1 | Critical | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
15 Nov 2017 | ASA-201711-23 | AVG-494 | firefox | Critical | multiple issues |
References |
---|
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834 https://bugzilla.mozilla.org/show_bug.cgi?id=1358009 |