CVE-2017-7762
Publication date 14 June 2017
Last updated 25 August 2025
Ubuntu priority
Description
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | ||
| 16.04 LTS xenial |
Fixed 54.0+build3-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 54.0+build3-0ubuntu0.14.04.1
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.5 · High
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References
Related Ubuntu Security Notices (USN)
- USN-3315-1
- Firefox vulnerabilities
- 15 June 2017