CVE-2017-7839

Priority
Description
Control characters prepended before "javascript:" URLs pasted in the
addressbar can cause the leading characters to be ignored and the pasted
JavaScript to be executed instead of being blocked. This could be used in
social engineering and self-cross-site-scripting (self-XSS) attacks where
users are convinced to copy and paste text into the addressbar. This
vulnerability affects Firefox < 57.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (57.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [57.0+build4-0ubuntu0.14.04.4])
Ubuntu 16.04 LTS (Xenial Xerus):released (57.0+build4-0ubuntu0.16.04.5)
Ubuntu 18.04 LTS (Bionic Beaver):released (57.0.1+build2-0ubuntu1)
More Information

Updated: 2019-12-05 18:49:41 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)