Lucene search
RootSSV:96617HistoryOct 09, 2017 - 12:00 a.m.
Mozilla Firefox WebExtensions can download and open non-executable files without user interaction(CVE-2017-7821)
2017-10-0900:00:00
Root
www.seebug.org
22
EPSS
0.005
Percentile
76.7%
CVE-2017-7821
“browser.downloads addon feature may be used for RCE”
Steps:
1. Go to ‘about:debugging’
2. Unpack attached PoC somewhere
3. Back in ‘about:debugging’ choose ‘Load temp addon’ and choose the poc
4. jar file is automatically downloaded and executed.
We are able to download and execute jar files automatically.
http://leucosite.com/CVE-2017-7821.zip
Related
cvelist
cvelist
CVE-2017-7821
2018-06-11 21:00:00
cve
cve
CVE-2017-7821
2018-06-11 21:29:10
prion
prion
Design/Logic Flaw
2018-06-11 21:29:00
nvd
nvd
CVE-2017-7821
2018-06-11 21:29:10
debiancve
debiancve
CVE-2017-7821
2018-06-11 21:29:10
zdt
zdt
Firefox browser.downloads addon Remote Code Execute (PoC) Vulnerability
2017-09-29 00:00:00
ubuntucve
ubuntucve
CVE-2017-7821
2017-10-02 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2017-10-02 00:00:00
Firefox regression
2017-10-04 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Firefox regression (USN-3435-2)
2017-10-05 00:00:00
Mozilla Firefox < 56 Multiple Vulnerabilities
2017-10-06 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3435-1)
2017-10-03 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2017-21) - Linux
2021-11-08 00:00:00
Mozilla Firefox Security Advisories (MFSA2017-21, MFSA2017-22) - Windows
2017-10-03 00:00:00
Ubuntu: Security Advisory (USN-3435-1)
2017-10-05 00:00:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox 56 — Mozilla
2017-09-28 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2017-09-28 00:00:00
kaspersky
kaspersky
KLA11109 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2017-09-28 00:00:00