← back
CVE-2017-5415

CVE-2017-5415

EPSS 12.6%
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
Affected products
Mozilla · Firefox
public PoCs found2
githubgithub.com/649/CVE-2017-54157exploitdbwww.exploit-db.com/exploits/44266unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1321719https://www.mozilla.org/security/advisories/mfsa2017-05/http://www.securityfocus.com/bid/96692http://www.securitytracker.com/id/1037966