CVE-2017-5456
N/A
N/A
Summary
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox ESR | unspecified < 52.1 | affected |
| Mozilla | Firefox | unspecified < 53 | affected |
Weaknesses
- Sandbox escape allowing local file system access
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2017:1106
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344415
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- http://www.securityfocus.com/bid/97940
- http://www.securitytracker.com/id/1038320
References
- https://access.redhat.com/errata/RHSA-2017:1106
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1344415
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- http://www.securityfocus.com/bid/97940
- http://www.securitytracker.com/id/1038320
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.