CVE-2017-5453
 
Severity Score
4.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53.
Mecanismo para inyectar HTML estático en la página de previsualización del lector RSS debido a un error a la hora de escapar caracteres enviados como parámetros de URL para un elemento "TITLE" de un feed. Esta vulnerabilidad permite la suplantación, pero no se puede ejecutar el contenido que no esté en script. La vulnerabilidad afecta a Firefox en versiones anteriores a la 53.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-01-13 CVE Reserved
- 2017-04-21 CVE Published
- 2023-11-02 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/97940 | Third Party Advisory | |
http://www.securitytracker.com/id/1038320 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1321247 | 2018-08-09 | |
https://www.mozilla.org/security/advisories/mfsa2017-10 | 2018-08-09 |