CVE-2017-7814

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-7814

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7814.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7814

Downstream

DEBIAN-CVE-2017-7814

DLA-1118-1

DLA-1153-1

DSA-3987-1

DSA-4014-1

RHSA-2017:2831

RHSA-2017:2885

SUSE-SU-2017:2688-1

SUSE-SU-2017:2872-1

SUSE-SU-2017:2872-2

UBUNTU-CVE-2017-7814

USN-3435-1

USN-3436-1

openSUSE-SU-2017:2707-1

openSUSE-SU-2017:2710-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2018-06-11T21:29:10Z

Modified

2025-08-09T19:01:28Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

References

Affected packages