When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96692 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037966 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=791597 | Issue Tracking Patch Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-05/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-01-13T00:00:00
Link: CVE-2017-5417
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:05.000
Modified: 2018-08-02T16:25:41.323
Link: CVE-2017-5417
JSON object: View
Redhat Information
No data.
CWE