CVE-2017-5397

Published: Jun 11, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 51.0.3

Related CWEs

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References (6)

http://www.securityfocus.com/bid/96144

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1337304

Source: security@mozilla.org

Issue TrackingPatchVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-04/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/96144

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1337304

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-04/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.