Veracode Vulnerability DatabaseVERACODE:17975Spoofing Vulnerability
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Firefox is vulnerable to spoofing attacks. A remote user can spoof the address bar using the onblur event.The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.
References
www.securityfocus.com/bid/97940
www.securitytracker.com/id/1038320
access.redhat.com/errata/RHSA-2017:1106
access.redhat.com/errata/RHSA-2017:1201
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1273537
www.mozilla.org/en-US/security/advisories/mfsa2017-13
www.mozilla.org/security/advisories/mfsa2017-10/
www.mozilla.org/security/advisories/mfsa2017-12/
www.mozilla.org/security/advisories/mfsa2017-13/
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N