CVE-2017-5420
MEDIUMFirefox < 52.0 - Address Bar Spoofing via JavaScript URL Obfuscation
Title source: llmDescription
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-05/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037966
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1284395
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96692
Scores
CVSS v3
6.5
EPSS
0.0040
EPSS Percentile
60.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
mozilla/firefox
< 52.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026