High severity7.8NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2017-7814
CVE-2017-7814
Description
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
45- osv-coords42 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/mozilla-nss&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012
< 128.5.1-1.1+ 41 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 91.1.1-1.1
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-72.13.2
- (no CPE)range: < 52.4.0esr-72.13.2
- (no CPE)range: < 52.4.0esr-72.13.2
- (no CPE)range: < 52.4.0esr-72.13.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-72.13.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-72.13.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 52.4.0esr-109.6.2
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-47.6.1
- (no CPE)range: < 3.29.5-47.6.1
- (no CPE)range: < 3.29.5-47.6.1
- (no CPE)range: < 3.29.5-47.6.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-47.6.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-47.6.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 3.29.5-58.3.1
- (no CPE)range: < 52.4.0-45.1
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- Range: unspecified
Patches
Vulnerability mechanics
References
12- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- www.securityfocus.com/bid/101059nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039465nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:2831nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2885nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2017/11/msg00000.htmlnvdThird Party Advisory
- security.gentoo.org/glsa/201803-14nvdThird Party Advisory
- www.debian.org/security/2017/dsa-3987nvdThird Party Advisory
- www.debian.org/security/2017/dsa-4014nvdThird Party Advisory
- www.mozilla.org/security/advisories/mfsa2017-21/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2017-22/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2017-23/nvdVendor Advisory
News mentions
0No linked articles in our index yet.