Home

CVE-2017-7834

Description

A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.984

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox (57.0)Windows
Update for Mozilla Firefox x64 (57.0)Windows
Update for Mozilla Firefox (57.0.1)Windows
Update for Mozilla Firefox x64 (57.0.1)Windows
Update for Mozilla Firefox (57.0.2)Windows
Update for Mozilla Firefox x64 (57.0.2)Windows
Update for Mozilla Firefox (57.0.3)Windows
Update for Mozilla Firefox x64 (57.0.3)Windows
Updates for Mozilla Firefox (57.0.4)Windows
Updates for Mozilla Firefox (x64) (57.0.4)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0.1)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0.2)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0.3)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (57.0.4)Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 56.0.2Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-306662Update for Mozilla Firefox (57.0)
PATCH-306663Update for Mozilla Firefox x64 (57.0)
PATCH-306737Update for Mozilla Firefox (57.0.1)
PATCH-306738Update for Mozilla Firefox x64 (57.0.1)
PATCH-306798Update for Mozilla Firefox (57.0.2)
PATCH-306799Update for Mozilla Firefox x64 (57.0.2)
PATCH-306903Update for Mozilla Firefox (57.0.3)
PATCH-306904Update for Mozilla Firefox x64 (57.0.3)
PATCH-306934Updates for Mozilla Firefox (57.0.4)
PATCH-306937Updates for Mozilla Firefox (x64) (57.0.4)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234