CVE-2017-7839 in Ubuntu

CVE-2017-7839

Priority

Description

Control characters prepended before "javascript:" URLs pasted in the
addressbar can cause the leading characters to be ignored and the pasted
JavaScript to be executed instead of being blocked. This could be used in
social engineering and self-cross-site-scripting (self-XSS) attacks where
users are convinced to copy and paste text into the addressbar. This
vulnerability affects Firefox < 57.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7839
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
https://usn.ubuntu.com/usn/usn-3477-1

Assigned-to

chrisccoulson

Notes

Package

Source: firefox (LP Ubuntu Debian)

Upstream:	released (57.0)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [57.0+build4-0ubuntu0.14.04.4])
Ubuntu 16.04 LTS (Xenial Xerus):	released (57.0+build4-0ubuntu0.16.04.5)
Ubuntu 18.04 LTS (Bionic Beaver):	released (57.0.1+build2-0ubuntu1)

More Information

Updated: 2019-12-05 18:49:41 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)