2 matches found
CVE-2017-7815
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiproce...
CVE-2017-7815
The CVE-2017-7815 entry relates to Mozilla Firefox's handling of iframe pages where the data: protocol can trigger a Javascript modal dialog that points to an arbitrary domain, potentially spoofing the origin seen by the user. This vulnerability affects Firefox versions before 56 (i.e., Firefox &...