{ "id": "CVE-2017-5421", "sourceIdentifier": "security@mozilla.org", "published": "2018-06-11T21:29:05.203", "lastModified": "2018-08-07T15:09:57.130", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52." }, { "lang": "es", "value": "Un sitio malicioso podr\u00eda suplantar el contenido de la ventana de previsualizaci\u00f3n de impresi\u00f3n si las ventanas emergentes est\u00e1n habilitadas, lo que resulta en una confusi\u00f3n del usuario de qu\u00e9 sitio est\u00e1 cargado actualmente. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 52." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionEndExcluding": "52.0.", "matchCriteriaId": "EEF14BDF-6CEE-44CF-A838-1BB4D1DB31C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionEndExcluding": "52.0.", "matchCriteriaId": "149C7AA3-8508-4D1A-B7DA-2F54D9EBCA83" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/96692", "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1037966", "source": "security@mozilla.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1301876", "source": "security@mozilla.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/", "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/", "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ] } ] }