CVE-2017-5397
N/A
N/A
Summary
The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 51.0.3 | affected |
Weaknesses
- Firefox for Android cache directory is world writable
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1337304
- http://www.securityfocus.com/bid/96144
- https://www.mozilla.org/security/advisories/mfsa2017-04/
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1337304
- http://www.securityfocus.com/bid/96144
- https://www.mozilla.org/security/advisories/mfsa2017-04/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.