CVE-2017-7762

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.23 % (62^th)

Affected Products 4

Advisories 7

When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2018-06-11 21:29:08
(6 years ago)
Updated Date: 2018-07-30 15:23:09
(6 years ago)

Affected Products

Mozilla

Firefox

Redhat

Configuration #1

		CPE23	From	Up To
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox prior 54.0 version	cpe:2.3:a:mozilla:firefox		< 54.0