CVE-2017-5421 (GCVE-0-2017-5421)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 15:04
Severity ?
CWE
  • Print preview spoofing
Summary
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.
Impacted products
Vendor Product Version
Mozilla Firefox Version: unspecified   < 52
Create a notification for this product.
   Mozilla Thunderbird Version: unspecified   < 52
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:04:13.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
          },
          {
            "name": "1037966",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037966"
          },
          {
            "name": "96692",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96692"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "52",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Print preview spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
        },
        {
          "name": "1037966",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037966"
        },
        {
          "name": "96692",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96692"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2017-5421",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Firefox",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Thunderbird",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "52"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mozilla"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Print preview spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/",
              "refsource": "CONFIRM",
              "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/"
            },
            {
              "name": "1037966",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037966"
            },
            {
              "name": "96692",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96692"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2017-5421",
    "datePublished": "2018-06-11T21:00:00",
    "dateReserved": "2017-01-13T00:00:00",
    "dateUpdated": "2024-08-05T15:04:13.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-5421\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2018-06-11T21:29:05.203\",\"lastModified\":\"2024-11-21T03:27:35.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox \u003c 52 and Thunderbird \u003c 52.\"},{\"lang\":\"es\",\"value\":\"Un sitio malicioso podr\u00eda suplantar el contenido de la ventana de previsualizaci\u00f3n de impresi\u00f3n si las ventanas emergentes est\u00e1n habilitadas, lo que resulta en una confusi\u00f3n del usuario de qu\u00e9 sitio est\u00e1 cargado actualmente. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 52.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.0.\",\"matchCriteriaId\":\"EEF14BDF-6CEE-44CF-A838-1BB4D1DB31C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"52.0.\",\"matchCriteriaId\":\"149C7AA3-8508-4D1A-B7DA-2F54D9EBCA83\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/96692\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037966\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1301876\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-05/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-09/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/96692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1301876\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-05/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2017-09/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}