Origin Spoofing Vulnerability in Thunderbird and Firefox

Origin Spoofing Vulnerability in Thunderbird and Firefox

CVE-2017-7791 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Learn more about our Web Application Penetration Testing UK.