CVE-2017-7814

Description

File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Risk Information

Base Score

7.8

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.319

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox ESR (52.4.0)	Windows
Update for Mozilla Firefox ESR x64 (52.4.0)	Windows
Update for Mozilla Firefox (56.0)	Windows
Update for Mozilla Firefox x64 (56.0)	Windows
Update for Mozilla Thunderbird (52.4.0)	Windows
Update for Mozilla Firefox (56.0.1)	Windows
Update for Mozilla Firefox x64 (56.0.1)	Windows
Update for Mozilla Firefox ESR (52.4.1)	Windows
Update for Mozilla Firefox ESR x64 (52.4.1)	Windows
Update for Mozilla Firefox (56.0.2)	Windows
Update for Mozilla Firefox x64 (56.0.2)	Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0.1)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0.2)	Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.3.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.3.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 55.0.3	Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.3.0	Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.4	Mac
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_amd64.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_i386.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_amd64.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_i386.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3278-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_amd64.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3321-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_i386.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.14.04.2_amd64.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_i386.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.16.04.2_amd64.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_i386.deb	Linux
Mozilla Open Source mail and newsgroup client (USN-3436-1) thunderbird_52.4.0+build1-0ubuntu0.17.04.2_amd64.deb	Linux
firefox-esr security update(DSA-3881-1) firefox-esr_52.4.0esr-1~deb8u1_amd64.deb	Linux
firefox-esr security update(DSA-3987-1) firefox-esr_52.4.0esr-1~deb8u1_i386.deb	Linux
thunderbird security update(DSA-4014-1) thunderbird_52.4.0-1~deb8u1_i386.deb	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libfreebl3-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libfreebl3-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libfreebl3-debuginfo-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libfreebl3-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Server 12-SP2 ) libfreebl3-hmac-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Server 12-SP2 ) libfreebl3-hmac-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoftokn3-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoftokn3-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoftokn3-debuginfo-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) libsoftokn3-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Server 12-SP2 ) libsoftokn3-hmac-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Server 12-SP2 ) libsoftokn3-hmac-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-certs-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-certs-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-certs-debuginfo-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-certs-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-debuginfo-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-debugsource-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-sysinit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-sysinit-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-sysinit-debuginfo-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-sysinit-debuginfo-32bit-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-tools-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2688-1(SUSE Linux Enterprise Desktop 12-SP2 ) mozilla-nss-tools-debuginfo-3.29.5-58.3.1.x86_64.rpm	Linux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) libfreebl3-3.29.5-47.6.1.x86_64.rpm	Linux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) libfreebl3-32bit-3.29.5-47.6.1.x86_64.rpm	Linux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) libsoftokn3-3.29.5-47.6.1.x86_64.rpm	Linux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) libsoftokn3-32bit-3.29.5-47.6.1.x86_64.rpm	Linux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) mozilla-nss-3.29.5-47.6.1.x86_64.rpm	Linux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) mozilla-nss-32bit-3.29.5-47.6.1.x86_64.rpm	Linux
SUSE-SU-2017:2872-1(SUSE Linux Enterprise Server 11-SP4 ) mozilla-nss-tools-3.29.5-47.6.1.x86_64.rpm	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-306451	Update for Mozilla Firefox ESR (52.4.0)
PATCH-306454	Update for Mozilla Firefox (56.0)
PATCH-306455	Update for Mozilla Firefox x64 (56.0)
PATCH-306497	Update for Mozilla Firefox (56.0.1)
PATCH-306498	Update for Mozilla Firefox x64 (56.0.1)
PATCH-306503	Update for Mozilla Firefox ESR (52.4.1)
PATCH-306578	Update for Mozilla Firefox (56.0.2)
PATCH-306579	Update for Mozilla Firefox x64 (56.0.2)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611807	Mozilla Thunderbird For Mac (142.0)
PATCH-612783	Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234