CVE-2017-7814
7.8
HIGH
CVSS 3.1
EPSS 0.32%
Description
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
How to fix CVE-2017-7814
To remediate CVE-2017-7814, upgrade the affected package to a fixed version below.
- upgrade to 52.4.0esr-2 or later
- upgrade to 1:52.4.0-1 or later
Is CVE-2017-7814 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 52.4.0esr-2
- from 0, < 1:52.4.0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |