CVE-2017-7839 log

Source
Severity Low
Remote Yes
Type Cross-site scripting
Description
Control characters prepended before javascript: URLs pasted in the addressbar in Firefox before 57.0 can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar.
Group Package Affected Fixed Severity Status Ticket
AVG-494 firefox 56.0.2-1 57.0-1 Critical Fixed
Date Advisory Group Package Severity Description
15 Nov 2017 ASA-201711-23 AVG-494 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839
https://bugzilla.mozilla.org/show_bug.cgi?id=1402896