CVE-2017-7812
MEDIUMFirefox < 56 - Unauthorized File Access via Drag-and-Drop to Browser UI
Title source: llmDescription
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039465
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2017-21/
Exploit, Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1379842
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101057
Scores
CVSS v3
5.3
EPSS
0.0027
EPSS Percentile
50.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
mozilla/firefox
< 55.0.3
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026