CVE-2017-7814

HIGH

Mozilla Firefox < 56, Firefox ESR < 52.4, Thunderbird < 52.4 - Improper Input Validation

Description

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. Such URLs carry no remote host, so a check that only consults the download URL has nothing to match against the site list. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

References (12)

Third Party Advisory, VDB Entry (BID): http://www.securityfocus.com/bid/101059
Third Party Advisory, mailing list (Debian LTS): https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html
Vendor Advisory (Mozilla): https://www.mozilla.org/security/advisories/mfsa2017-22/
Third Party Advisory, VDB Entry (SecurityTracker): http://www.securitytracker.com/id/1039465
Third Party Advisory, vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:2831
Third Party Advisory, vendor advisory (Red Hat): https://access.redhat.com/errata/RHSA-2017:2885
Vendor Advisory (Mozilla): https://www.mozilla.org/security/advisories/mfsa2017-21/
Issue Tracking, Patch, Third Party Advisory (Mozilla Bugzilla): https://bugzilla.mozilla.org/show_bug.cgi?id=1376036
Third Party Advisory, vendor advisory (Debian): https://www.debian.org/security/2017/dsa-4014
Vendor Advisory (Mozilla): https://www.mozilla.org/security/advisories/mfsa2017-23/
Third Party Advisory, vendor advisory (Debian): https://www.debian.org/security/2017/dsa-3987
Third Party Advisory, vendor advisory (Gentoo): https://security.gentoo.org/glsa/201803-14

Scores

CVSS v3.0 base score: 7.8 (High)
CVSS v3.0 vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: LOCAL (AV:L), user interaction required (UI:R)
EPSS: 0.0032 (0.32% estimated probability of exploitation activity in the next 30 days)
EPSS Percentile: 55.1%

Details

CWE
CWE-20
Status published
Products (14)
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
mozilla/firefox < 52.4.0
mozilla/thunderbird < 52.4.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_server_aus 7.4
... and 4 more
Published Jun 11, 2018
Tracked Since Feb 18, 2026