CVE-2017-5384 (retired)

Priority
Description
Proxy Auto-Config (PAC) files can specify a JavaScript function called for
all URL requests with the full URL path which exposes more information than
would be sent to the proxy itself in the case of HTTPS. Normally the Proxy
Auto-Config file is specified by the user or machine owner and presumed to
be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD)
this file can be served remotely. This vulnerability affects Firefox < 51.
Assigned-to
chrisccoulson
Package
Upstream:released (51)
Ubuntu 14.04 LTS (Trusty Tahr):released (51.0.1+build2-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (51.0.1+build2-0ubuntu0.16.04.1)
Package
Priority: Low
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
More Information

Updated: 2019-03-26 12:25:58 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)