CVE-2017-7834 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Access restriction bypass
Description	A data: URL loaded in a new tab of Firefox before 57.0 did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-494	firefox	56.0.2-1	57.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
15 Nov 2017	ASA-201711-23	AVG-494	firefox	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834 https://bugzilla.mozilla.org/show_bug.cgi?id=1358009