1. Home
  2. Vulnerabilities
  3. CVE-2017-5426

CVE-2017-5426

CVSS v3.0 5.3 (Medium)
53% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.31 % (71th)
0.31% Progress
Affected Products 3
Advisories 6
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Weaknesses
CWE-732
Incorrect Permission Assignment for Critical Resource
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2018-06-11 21:29:05
(6 years ago)
Updated Date
2019-10-03 00:03:26
(5 years ago)

Affected Products

Linux

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 52.0 version cpe:2.3:a:mozilla:firefox < 52.0
OR  
  Running on/with
  Linux Kernel cpe:2.3:o:linux:linux_kernel:-

Configuration #2

AND
    CPE23 From Up To
OR  
  Mozilla Thunderbird prior 52.0 version cpe:2.3:a:mozilla:thunderbird < 52.0
OR  
  Running on/with
  Linux Kernel cpe:2.3:o:linux:linux_kernel:-