Lucene search

K
cvelistMozillaCVELIST:CVE-2017-7840
HistoryJun 11, 2018 - 9:00 p.m.

CVE-2017-7840

2018-06-1121:00:00
mozilla
www.cve.org

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.8%

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox < 57.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "57",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.8%