CVE-2017-5420 Information

Description

A \javascript:\ url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar allowing for an attacker to spoof an existing page without the malicious page’s address being displayed correctly. This vulnerability affects Firefox 52.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

http://www.securityfocus.com/bid/96692 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1284395 https://www.mozilla.org/security/advisories/mfsa2017-05/ A \javascript:
url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar allowing for an attacker to spoof an existing page without the malicious page’s address being displayed correctly. This vulnerability affects Firefox

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5