CVE-2017-5417 Information

Description

When dragging content from the primary browser pane to the addressbar on a malicious site it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox 52.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

http://www.securityfocus.com/bid/96692 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=791597 https://www.mozilla.org/security/advisories/mfsa2017-05/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.3