CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Published: Jun 11, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-7814
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_server_aus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.4	7.4.x
redhat / enterprise_linux_server_eus	7.5	7.5.x
mozilla / firefox	-	56.0
mozilla / firefox_esr	-	52.4.0
mozilla / thunderbird	-	52.4.0
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

290,206

CVE-2017-7814