{"id":"CVE-2017-7807","details":"A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird \u003c 52.3, Firefox ESR \u003c 52.3, and Firefox \u003c 55.","modified":"2026-03-15T21:54:15.984450Z","published":"2018-06-11T21:29:10.140Z","related":["MGASA-2017-0268","MGASA-2017-0303","MGASA-2018-0018","SUSE-SU-2017:2302-1","SUSE-SU-2017:2589-1","openSUSE-SU-2017:2209-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100242"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039124"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201803-14"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3968"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-18/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-20/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3928"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2017-19/"},{"type":"FIX","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1376459"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"fixed":"55.0"}]},{"events":[{"introduced":"0"},{"fixed":"52.3.0"}]},{"events":[{"introduced":"0"},{"fixed":"52.3.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7807.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}