Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-7759
HistoryJun 11, 2018 - 12:00 a.m.

CVE-2017-7759

2018-06-1100:00:00
ubuntu.com
ubuntu.com
10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.8%

Android intent URLs given to Firefox for Android can be used to navigate
from HTTP or HTTPS URLs to local “file:” URLs, allowing for the reading of
local data through a violation of same-origin policy. Note: This attack
only affects Firefox for Android. Other operating systems are not affected.
This vulnerability affects Firefox < 54.

Notes

Author Note
chrisccoulson Affects Firefox for Android only

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.8%