CVE-2017-7821
First published: Thu Sep 28 2017(Updated: )
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <56 | 56 |
| Mozilla Firefox | <=55.0.3 | |
| debian/firefox | 131.0.2-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1346515
- https://www.mozilla.org/security/advisories/mfsa2017-21/
- http://www.securityfocus.com/bid/101057
- http://www.securitytracker.com/id/1039465
- https://launchpad.net/bugs/cve/CVE-2017-7821
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7822
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821
- https://security-tracker.debian.org/tracker/CVE-2017-7821
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7821
- https://nvd.nist.gov/vuln/detail/CVE-2017-7821
- https://ubuntu.com/security/CVE-2017-7821
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2017-7821?
CVE-2017-7821 is a vulnerability in Mozilla Firefox where WebExtensions can download and attempt to open a file of some non-executable file types.
What is the severity of CVE-2017-7821?
The severity of CVE-2017-7821 is critical, with a severity value of 9.8.
Which software is affected by CVE-2017-7821?
Mozilla Firefox versions up to but excluding 56.0.3 are affected by CVE-2017-7821.
How can CVE-2017-7821 be exploited?
This vulnerability can be exploited by triggering download and open actions of non-executable file types through WebExtensions without specific user interaction.
Where can I find more information about CVE-2017-7821?
More information about CVE-2017-7821 can be found at the following references: [1] [2] [3].
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/55.0.3
- package-manager/debian