CVE-2017-5415

MEDIUM

Firefox < 52 - SSRF

Title source: llm

Description

An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.

Exploits (3)

exploitdb WORKING POC

by 649 · htmllocalmultiple

https://www.exploit-db.com/exploits/44266

View Code ZIP pw:eip

nomisec NO CODE 7 stars

by 649 · poc

https://github.com/649/CVE-2017-5415

View Code ZIP pw:eip

gitlab NO CODE

by 0x1 · poc

https://gitlab.com/0x1/CVE-2017-5415

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96692

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037966

[Exploit, Issue Tracking, Patch] https://bugzilla.mozilla.org/show_bug.cgi?id=1321719

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-05/

Scores

CVSS v3 5.3

EPSS 0.2915

EPSS Percentile 96.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-20

Status published

Products (1)

mozilla/firefox < 52.0

Published Jun 11, 2018

Tracked Since Feb 18, 2026