Vulnerability Description
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 52.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96692Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037966Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=791597Issue TrackingPatchVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
- http://www.securityfocus.com/bid/96692Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037966Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=791597Issue TrackingPatchVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2017-05/Vendor Advisory
FAQ
What is CVE-2017-5417?
CVE-2017-5417 is a vulnerability with a CVSS score of 5.3 (MEDIUM). When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match th...
How severe is CVE-2017-5417?
CVE-2017-5417 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5417?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.