File downloads encoded with blob: and data: URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814
Acknowledgments: Name: the Mozilla project Upstream: François Marier
Public now via upstream advisories: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2017:2831 https://access.redhat.com/errata/RHSA-2017:2831
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2017:2885 https://access.redhat.com/errata/RHSA-2017:2885