CVE-2017-7765
HIGHFirefox < 54 and Firefox ESR < 52.2 - Security Feature Bypass via Long Filename Download
Title source: llmDescription
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99057
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-15/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038689
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1273265
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-17/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-16/
Scores
CVSS v3
7.5
EPSS
0.0049
EPSS Percentile
65.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
mozilla/firefox
< 52.2.0
mozilla/thunderbird
< 52.2.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026