CVE-2017-5384 in Firefoxinfo

Summary

Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

01/13/2017

Disclosure

06/11/2018

Moderation

VulDB entry created

Entries

VDB-96017 (1)

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

5.1

EPSS

0.00764

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-5384
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-5384
CVE Details	https://www.cvedetails.com/cve/CVE-2017-5384/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!