Описание
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 52.0.1+build2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [52.0+build2-0ubuntu0.14.04.1]] |
| precise | released | 52.0+build2-0ubuntu0.12.04.1 |
| trusty | released | 52.0+build2-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [52.0+build2-0ubuntu0.14.04.1] |
| upstream | released | 52.0 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 52.0+build2-0ubuntu0.16.04.1 |
| yakkety | released | 52.0+build2-0ubuntu0.16.10.1 |
Показывать по
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.
A "javascript:" url loaded by a malicious page can obfuscate its locat ...
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52.
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3