{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/614?format=json","vulnerability_id":"VCID-qszf-sswb-6ycw","summary":"On pages containing an iframe, the data: protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. *Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality.*","aliases":[{"alias":"CVE-2017-7815"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21","reference_id":"mfsa2017-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qszf-sswb-6ycw"}