VDB
CVE-2017-5417
CVE-2017-5417
PUBLISHED
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.
EPSS 0.37% · 59.1th percentile
Risk Scores
EPSS Score
0.37%
59.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | firefox | 0, 25.0+build3-0ubuntu0.13.10.1, 28.0~b2+build1-0ubuntu2 |
| Ubuntu:16.04:LTS | firefox | 0, 42.0+build2-0ubuntu1, 44.0+build3-0ubuntu2 |
Timeline
- Mar 7, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-5417 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417 third-party-advisory
- https://ubuntu.com/security/notices/USN-3216-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-5417 third-party-advisory