CVE-2017-7765

The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:32

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/99057 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/99057 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1038689 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1038689 - Third Party Advisory, VDB Entry
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1273265 - Issue Tracking, Vendor Advisory () https://bugzilla.mozilla.org/show_bug.cgi?id=1273265 - Issue Tracking, Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2017-15/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2017-15/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2017-16/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2017-16/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2017-17/ - Vendor Advisory () https://www.mozilla.org/security/advisories/mfsa2017-17/ - Vendor Advisory

Information

Published : 2018-06-11 21:29

Updated : 2024-11-21 03:32


NVD link : CVE-2017-7765

Mitre link : CVE-2017-7765

CVE.ORG link : CVE-2017-7765


JSON object : View

Products Affected

mozilla

  • firefox
  • firefox_esr
  • thunderbird

microsoft

  • windows
CWE
CWE-20

Improper Input Validation