CVE-2017-7839: XSS
First published: Tue Nov 14 2017(Updated: )
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <57 | 57 |
| Mozilla Firefox | <=56.0.2 | |
| debian/firefox | 131.0.2-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1402896
- https://www.mozilla.org/security/advisories/mfsa2017-24/
- http://www.securityfocus.com/bid/101832
- http://www.securitytracker.com/id/1039803
- https://launchpad.net/bugs/cve/CVE-2017-7839
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7840
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839
- https://security-tracker.debian.org/tracker/CVE-2017-7839
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7839
- https://nvd.nist.gov/vuln/detail/CVE-2017-7839
- https://ubuntu.com/security/CVE-2017-7839
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2017-7839?
CVE-2017-7839 is a vulnerability in Mozilla Firefox that allows control characters prepended before "javascript:" URLs pasted in the address bar to be executed instead of being blocked.
How does CVE-2017-7839 affect users?
CVE-2017-7839 can be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are tricked into executing malicious JavaScript code.
What is the severity of CVE-2017-7839?
CVE-2017-7839 has a severity level of medium, with a CVSS score of 6.1.
How can users fix CVE-2017-7839?
Users can fix CVE-2017-7839 by updating Mozilla Firefox to version 57 or later.
Where can I find more information about CVE-2017-7839?
More information about CVE-2017-7839 can be found at the following references: [1] [2] [3]
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- agent/weakness
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/56.0.2
- package-manager/debian