CVE-2017-7799

Summary

JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 55affected

Weaknesses

  • Self-XSS XUL injection in about:webrtc

ADP Enrichment

CVE Program Container

Additional References

References