Medium severity6.1NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2017-7839
CVE-2017-7839
Description
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
- Range: unspecified
Patches
Vulnerability mechanics
References
4- www.securityfocus.com/bid/101832nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039803nvdThird Party AdvisoryVDB Entry
- www.mozilla.org/security/advisories/mfsa2017-24/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.