CVE-2017-5458

Summary

When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 53affected

Weaknesses

  • Drag and drop of javascript: URLs can allow for self-XSS

ADP Enrichment

CVE Program Container

Additional References

References