{"id":"CVE-2017-5386","details":"WebExtension scripts can use the \"data:\" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR \u003c 45.7 and Firefox \u003c 51.","modified":"2026-04-16T01:44:15.798598791Z","published":"2018-06-11T21:29:03.327Z","related":["SUSE-SU-2017:0426-1","SUSE-SU-2017:0427-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201702-22"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3771"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-01/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-02/"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0190.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95769"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037693"},{"type":"FIX","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1319070"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5386.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"fixed":"51.0"}]},{"events":[{"introduced":"0"},{"fixed":"45.7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}