VDB
CVE-2017-7839
CVE-2017-7839
PUBLISHED
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.
EPSS 0.63% · 70.8th percentile
Risk Scores
EPSS Score
0.63%
70.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | firefox | *, 0 |
| Ubuntu:16.04:LTS | firefox | 42.0+build2-0ubuntu1, 44.0+build3-0ubuntu2, 44.0.1+build1-0ubuntu1 |
| Ubuntu:14.04:LTS | firefox | 47.0+build3-0ubuntu0.14.04.1, 49.0+build4-0ubuntu0.14.04.1, 49.0.2+build2-0ubuntu0.14.04.1 |
Timeline
- Nov 15, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7839 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/ third-party-advisory
- https://ubuntu.com/security/notices/USN-3477-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7839 third-party-advisory