CVE-2017-7812

Published: 02 October 2017

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (56.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (56.0+build6-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (56.0+build6-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [56.0+build6-0ubuntu0.14.04.1])