CVE-2017-5417
Last modified
CVE-2017-5417 is a vulnerability of currently unknown severity. When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. EPSS estimates a 1.11% chance of exploitation in the next 30 days.
Description
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 52.0 |
References
- http://www.securityfocus.com/bid/96692Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037966Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=791597Issue Tracking, Patch, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
- http://www.securityfocus.com/bid/96692Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037966Third Party Advisory, VDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=791597Issue Tracking, Patch, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-5417?
How severe is CVE-2017-5417?
How do I fix CVE-2017-5417?
Are you affected by CVE-2017-5417?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST