CVE-2017-7835

Summary

Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 57affected

Weaknesses

  • Mixed content blocking incorrectly applies with redirects

ADP Enrichment

CVE Program Container

Additional References

References