CVE-2017-5456

CVSS v3.0 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 5.16 % (93^th)

Affected Products 8

Advisories 9

A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.

Weaknesses

CWE-732: Incorrect Permission Assignment for Critical Resource

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2018-06-11 21:29:06
(6 years ago)
Updated Date: 2019-10-03 00:03:26
(5 years ago)

Affected Products

Mozilla

Redhat

Configuration #1

		CPE23	From	Up To
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Server Aus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
	Redhat Enterprise Linux Server Aus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
	Redhat Enterprise Linux Server Eus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
	Redhat Enterprise Linux Server Eus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
	Redhat Enterprise Linux Server Eus 7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox prior 53.0 version	cpe:2.3:a:mozilla:firefox		< 53.0

Configuration #3

		CPE23	From	Up To
	Mozilla Firefox Esr prior 52.1.0 version	cpe:2.3:a:mozilla:firefox_esr		< 52.1.0