Vulnerability CVE-2017-7812: Information

Description

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.

Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-7812

Published: June 12, 2018

Modified: June 25, 2018

Error type identifier: CWE-200

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	56.0-alt1	127.0-alt1	ALT-PU-2017-2437-1	190760	Fixed
firefox	p10	56.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2017-2437-1	190760	Fixed
firefox	p9	56.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2017-2437-1	190760	Fixed
firefox	p8	56.0-alt0.M80P.1	68.0.1-alt0.M80P.1	ALT-PU-2017-2453-1	190905	Fixed
firefox	c10f1	56.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2017-2437-1	190760	Fixed
firefox	c9f2	56.0-alt1	105.0.1-alt0.c9.1	ALT-PU-2017-2437-1	190760	Fixed
firefox	c7	60.6.1-alt0.M70C.1	60.8.0-alt0.M70C.1	ALT-PU-2019-1726-1	218597	Fixed
firefox	p11	56.0-alt1	126.0.1-alt1	ALT-PU-2017-2437-1	190760	Fixed
firefox-esr	sisyphus	60.0.1-alt1	115.11.0-alt1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p10	60.0.1-alt1	115.11.0-alt1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p9	60.0.1-alt1	102.11.0-alt0.c9.1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p8	60.1.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2018-1966-1	207865	Fixed
firefox-esr	c10f1	60.0.1-alt1	115.9.1-alt0.c10.1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	c9f2	60.0.1-alt1	102.12.0-alt0.c9.1	ALT-PU-2018-1854-1	207816	Fixed
firefox-esr	p11	60.0.1-alt1	115.11.0-alt1	ALT-PU-2018-1854-1	207816	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2017-21/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1379842	Exploit Issue Tracking
1039465	Third Party Advisory VDB Entry
101057	Third Party Advisory VDB Entry

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End including
  55.0.3

Version: v24.5.3

Vulnerability CVE-2017-7812: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1