CVE-2017-7794

Published: Jun 11, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 55.0

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

http://www.securitytracker.com/id/1039124

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1374281

Source: security@mozilla.org

ExploitIssue TrackingVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-18/

Source: security@mozilla.org

Vendor Advisory

http://www.securitytracker.com/id/1039124

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1374281

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-18/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.