vulnerability

Debian: CVE-2017-7791: firefox-esr, icedove -- security update

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Aug 8, 2017
Added
Aug 11, 2017
Modified
Nov 27, 2024

Description

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird

Solution(s)

debian-upgrade-firefox-esrdebian-upgrade-icedove
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.