CVE-2017-7839 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Cross-site scripting
Description	Control characters prepended before javascript: URLs pasted in the addressbar in Firefox before 57.0 can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-494	firefox	56.0.2-1	57.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
15 Nov 2017	ASA-201711-23	AVG-494	firefox	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839 https://bugzilla.mozilla.org/show_bug.cgi?id=1402896