CVE-2017-5425

Summary

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 52affected
MozillaThunderbirdunspecified < 52affected

Weaknesses

  • Overly permissive Gecko Media Plugin sandbox regular expression access

ADP Enrichment

CVE Program Container

Additional References

References