A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97940 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038320 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:1106 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2017:1201 | Third Party Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1273537 | Exploit Issue Tracking Patch Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-10/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-12/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2017-13/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-01-13T00:00:00
Link: CVE-2017-5451
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:06.607
Modified: 2018-08-09T15:34:11.577
Link: CVE-2017-5451
JSON object: View
Redhat Information
No data.
CWE