vulnerability
Arch Linux: Access restriction bypass (CVE-2017-7834)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jun 11, 2018 | Jul 11, 2025 | Nov 27, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jun 11, 2018
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A data: URL loaded in a new tab of Firefox before 57.0 did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.
Solution
arch-linux-upgrade-latest
References
- CVE-2017-7834
- https://attackerkb.com/topics/CVE-2017-7834
- URL-http://www.securityfocus.com/bid/101832
- URL-http://www.securitytracker.com/id/1039803
- URL-https://bugzilla.mozilla.org/show_bug.cgi?id=1358009
- URL-https://security.archlinux.org/ASA-201711-23
- URL-https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
- URL-https://www.mozilla.org/security/advisories/mfsa2017-24/
- CWE-79
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.