CVE-2017-7812: Infoleak
First published: Thu Sep 28 2017(Updated: )
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <56 | 56 |
| Mozilla Firefox | <=55.0.3 | |
| debian/firefox | 131.0-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1379842
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- http://www.securityfocus.com/bid/101057
- http://www.securitytracker.com/id/1039465
- https://launchpad.net/bugs/cve/CVE-2017-7812
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7822
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7812
- https://security-tracker.debian.org/tracker/CVE-2017-7812
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7812
- https://nvd.nist.gov/vuln/detail/CVE-2017-7812
- https://ubuntu.com/security/CVE-2017-7812
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2017-7812?
The severity of CVE-2017-7812 is medium with a severity value of 5.3.
How does CVE-2017-7812 affect Firefox?
CVE-2017-7812 affects Firefox versions up to and excluding 56.
How can malicious web content exploit CVE-2017-7812?
Malicious web content can exploit CVE-2017-7812 by opening locally stored files through "file:" URLs when dragged onto portions of the Firefox UI, such as the tab bar.
What is the remedy for CVE-2017-7812 in Firefox?
The remedy for CVE-2017-7812 in Firefox is to update to version 56 or higher.
Where can I find more information about CVE-2017-7812?
You can find more information about CVE-2017-7812 at the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1379842), [Mozilla Security Advisory](https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/), and [SecurityFocus](http://www.securityfocus.com/bid/101057).
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/55.0.3
- package-manager/debian