A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101057 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039465 | Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1346515 | Exploit Issue Tracking |
https://www.mozilla.org/security/advisories/mfsa2017-21/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2018-06-12T09:57:01
Reserved: 2017-04-12T00:00:00
Link: CVE-2017-7821
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-11T21:29:10.920
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-7821
JSON object: View
Redhat Information
No data.
CWE