CVE-2017-7762
Severity: Unknown | EPSS: 1.94%
Last modified
CVE-2017-7762 is a vulnerability of currently unknown severity. When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the address bar. This can be used for spoofing the domain of the current page. EPSS estimates a 1.94% chance of exploitation in the next 30 days.
Description
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the address bar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Mozilla | Firefox | < 54.0 |
References
- http://www.securityfocus.com/bid/99047 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1038689 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:2112 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2113 (Third Party Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1358248 (Exploit, Issue Tracking, Patch)
- https://www.mozilla.org/security/advisories/mfsa2017-15/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7762?
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the address bar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
How severe is CVE-2017-7762?
Severity scoring for CVE-2017-7762 is pending analysis. The EPSS model estimates a 1.94% probability of exploitation in the next 30 days.
How do I fix CVE-2017-7762?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
